
82 Crisc Jobs - Page 2

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

7.0 - 9.0 years

18 - 20 Lacs

Bengaluru

Hybrid

Hi all, we are hiring for the role: Information Security Risk Specialist

Experience: 7 - 9 Years
Location: Bangalore
Notice Period: Immediate - 15 Days

Skills and Competencies:
• Comprehensive understanding of frameworks such as ISO 27001, NIST Cybersecurity Framework, COSO, and COBIT.
• Proven analytical expertise in evaluating and prioritizing risks effectively.
• Advanced proficiency in utilizing security tools for risk assessment and mitigation.
• Strong preference for candidates with certifications like CISSP, CISM, CRISC, or equivalent.
• Exceptional communication and presentation skills, with a proven ability to collaborate effectively across diverse teams.
• Demonstrated problem-solving capabilities, including critical thinking and informed decision-making under pressure.
• Skilled in leading security initiatives and managing projects across global teams.
• A strategic mindset paired with keen attention to detail.
• Resourceful and decisive under high-pressure situations.
• An effective team player with exceptional interpersonal and collaboration skills.

If you are interested, drop your resume at mojesh.p@acesoftlabs.com Call: 9701971793

Posted 2 weeks ago


3.0 - 7.0 years

0 Lacs

noida, uttar pradesh

On-site

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better too. Join us and build an exceptional experience for yourself, and a better working world for all.

As a Technology Transformation Risk Senior, you will play a pivotal role in ensuring that technology transformations within the organization are carried out with a comprehensive understanding and management of the associated risks. You will assist in identifying, assessing, and mitigating risks associated with significant technology changes, such as system upgrades, cloud migrations, and the introduction of new digital tools and platforms. Your role will ensure that technology advancements are implemented securely and in compliance with the company's risk management policies.

Key responsibilities:
- Assist in conducting risk assessments for technology transformation projects, identifying potential risks and vulnerabilities.
- Support the development and implementation of risk mitigation strategies to address identified risks.
- Collaborate with project teams to ensure risk considerations are integrated throughout the project lifecycle.
- Monitor and report on the status of risk mitigation activities, providing updates to the Technology Transformation Risk Manager and other stakeholders.
- Participate in the creation and maintenance of risk documentation, including risk registers, reports, and dashboards.
- Contribute to the development of risk management policies, procedures, and training materials.
- Engage with internal and external stakeholders to communicate risk findings and recommendations.
- Stay informed about emerging technology trends, threats, and regulatory requirements that may impact the risk landscape.
- Support the Technology Transformation Risk Manager in fostering a culture of risk awareness and proactive risk management within the organization.

To qualify for the role, you must have a Bachelor's degree in Information Technology, Computer Science, Risk Management, or a related field, along with a minimum of 3 years of experience in technology risk management, with a focus on transformation projects. A strong understanding of IT governance frameworks, cybersecurity principles, and data privacy regulations is required. Desired experience includes internal controls within SAP ECC/S4 Applications, professional certifications such as CRISC, CISM, CISSP, or equivalent are highly desirable, and exposure working in client-facing roles with cross-functional teams.

EY exists to build a better working world, helping to create long-term value for clients, people, and society, and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Posted 2 weeks ago


10.0 - 15.0 years

22 - 37 Lacs

Pune, Bengaluru, Mumbai (All Areas)

Hybrid

Job Title: Senior Manager Information/Cyber Security
Job Location: Pune / Bangalore / Mumbai

Job Summary: We are looking for a seasoned professional in Information/Cyber Security to be part of the Digital Trust and Security team at Capgemini Invent. This role requires a resource who is experienced in managing client-facing cybersecurity programs, providing strategic advisory, and enhancing security capabilities within the organization.

Key Responsibilities:
- Client Advisory & Leadership: Lead cybersecurity engagements for clients, providing strategic direction and ensuring alignment with their business and security goals.
- Program Oversight: Manage the delivery of multiple cybersecurity projects, ensuring high-quality service, timely execution, and compliance with client expectations.
- Risk Management & Compliance: Oversee risk assessments for clients and ensure the implementation of security controls that meet industry standards (ISO 27001, NIST, GDPR, etc.).
- Team Development: Mentor and develop the internal cybersecurity team, fostering a culture of continuous improvement and ensuring the team is equipped to handle evolving client needs.
- Stakeholder Engagement: Collaborate with senior client stakeholders, including C-level executives, to communicate security risks, program progress, and recommend improvements.
- Innovation & Thought Leadership: Drive the adoption of new security technologies and best practices, positioning the organization as a thought leader in cybersecurity services.
- Business Development & Solutioning: Lead the development of cybersecurity solutions tailored to client needs, aligning with emerging threats and industry trends. Collaborate with sales and account teams to identify new business opportunities and expand client relationships through cybersecurity offerings. Develop and present compelling proposals, including RFP/RFI responses, for cybersecurity services. Engage in pre-sales activities, providing expertise and thought leadership to support business development efforts. Drive solution architecture and proposal strategies for large-scale cybersecurity projects to win new business.

Required Skills and Qualifications:
- Master’s degree in Information Security, Cybersecurity, Information Technology, or a related field.
- 10-15 years of experience in Information/Cybersecurity, with at least 7 years in a client-facing leadership role within a consulting environment.
- Deep understanding of cybersecurity frameworks (e.g., ISO 27001, NIST etc.) and regulatory standards (GDPR, HIPAA, PCI-DSS etc.).
- Proven track record in managing complex security programs for large clients, including risk management, cloud security, incident response, and compliance management.
- Certifications such as CISSP, CISM, CRISC, CISA, or PMP are highly preferred.

Personal Attributes:
- Strong leadership and team-building skills, with a focus on mentoring and developing the next generation of cybersecurity leaders.
- Excellent communication and presentation skills, with the ability to influence senior stakeholders at client organizations.

Posted 2 weeks ago


5.0 - 9.0 years

5 - 7 Lacs

Mumbai, Navi Mumbai

Work from Office

Implement security strategy, policies & controls. Oversee risk, vendor security, BCDR, vulnerability remediation & AppSec. Drive compliance, training, audits, and continuous improvement. GRC tool expertise, ISO 27001 Implementer/Auditor, CGRC/BCMS preferred.

Posted 2 weeks ago


8.0 - 12.0 years

0 Lacs

haryana

On-site

As a Cyber Risk Manager at Stryker, your primary role will be to identify, analyze, evaluate, and mitigate present and future risks to Stryker data and assets. You will drive towards acceptable risk levels by fostering partnerships with IT, Business, and Partner stakeholders. Your responsibilities will encompass a broad spectrum of tasks within Stryker, focusing on managing and completing reviews throughout the cyber risk management lifecycle.

Your essential duties and responsibilities will include leading and overseeing 3rd party cyber security assessments of vendors and other external parties engaging with Stryker. You will also drive the completion of cyber risk assessments across various functions, proactively identifying opportunities to minimize risk levels. By engaging with stakeholders and leveraging internal partnerships, you will work towards maintaining acceptable risk levels for the organization.

In addition, you will be responsible for leading the design, implementation, maintenance, and enforcement of cyber risk management policies, procedures, and controls. Utilizing tools such as ServiceNow and OneTrust, you will streamline and enhance risk assessment activities. It will be crucial for you to identify key program metrics, such as key performance indicators (KPI) and key risk indicators (KRI), to gauge the effectiveness of the program and assess inherent risks to the organization. Continuous improvement of the cyber risk assessment process will also be a key focus, from request intakes to evidence gathering.

To qualify for this role, you should hold a Bachelor's degree in computer information systems, Information Security, or a related field. A Master's degree is preferred. Additionally, having an understanding of various Cyber Security Risk Frameworks like NIST 800-300 and ISO 27001, along with relevant industry certifications such as CRISC, CISM, or CISSP, will be advantageous. With at least 8 years of experience in a regulated industry, strong negotiation and leadership skills are essential for this role. You should have the ability to influence and lead teams effectively, communicate proficiently, and work independently under minimal supervision. Thriving in a fast-paced environment, managing global teams, and familiarity with tools like OneTrust will be beneficial.

As a Cyber Risk Manager at Stryker, you will be expected to be a results-oriented leader with the ability to drive change, collaborate effectively, and communicate across all levels of the organization. Your strategic agility, high energy, and focus on process and metrics will play a crucial role in successfully managing cyber risks and driving positive outcomes for the organization.

Posted 2 weeks ago


8.0 - 12.0 years

0 Lacs

pune, maharashtra

On-site

As an IT Application Owner (ITAO) at Home Loan Savings, you will be responsible for collaborating with business and operation units, as well as the development team, to ensure structural stability of applications, compliance with technical/risk/policy processes, and managing the technical roadmap in alignment with Deutsche Bank's digitalization strategy. You will be part of a team in India working closely with a team in Germany, leveraging virtual collaboration techniques and diverse expertise to achieve continuous delivery and process improvement.

Your key responsibilities will include maintaining application compliance with IT policies, setting up development and production environments, leading discussions with business and vendors for new requirements, delivering application releases and defect fixes, as well as assisting junior team members. You will also be involved in enterprise IT governance, information security, knowledge management, and various other aspects of application support and management.

In terms of skills and experience, you should have a minimum of 8 years experience in a similar role, with basic knowledge of ITIL and experience in database, mid-range technical stack, and open-source skills. Familiarity with tools across the Software Development Lifecycle/DevOps, application governance, and Agile/SCRUM methodologies is essential. Knowledge of Home Loan Savings and Mortgage Lending is advantageous, along with experience in GCP or other Cloud technologies. Certifications such as COBIT, ITIL, PMP, CRISC, CSSLP, or CISSP are preferred. You should possess strong communication skills, the ability to manage unexpected events efficiently, and a proactive approach to problem-solving. Fluency in English is required for stakeholder interaction, and knowledge of German is a plus. People skills such as end-to-end ownership, performance orientation, analytical abilities, and a flexible working approach are crucial for success in this role.

The benefits offered include a best-in-class leave policy, gender-neutral parental leaves, childcare assistance, industry-relevant certifications sponsorship, employee assistance program, comprehensive insurance coverage, and more. Training, coaching, and a culture of continuous learning are provided to support your career development. Deutsche Bank fosters a culture of empowerment, responsibility, commercial thinking, and collaboration, where employees are encouraged to excel together. Diversity and inclusivity are promoted, creating a positive and fair work environment for all.

Posted 2 weeks ago


3.0 - 7.0 years

0 Lacs

noida, uttar pradesh

On-site

As a Technology Transformation Risk Senior at EY, you will be instrumental in ensuring that technology transformations are executed with a thorough understanding and management of associated risks. Your role will involve identifying, assessing, and mitigating risks related to significant technology changes like system upgrades, cloud migrations, and the implementation of new digital tools. By adhering to the company's risk management policies, you will guarantee the secure and compliant implementation of technological advancements.

Key Responsibilities:
- Conduct risk assessments for technology transformation projects to identify potential risks and vulnerabilities.
- Assist in developing and executing risk mitigation strategies to address identified risks.
- Collaborate with project teams to incorporate risk considerations throughout the project lifecycle.
- Monitor and communicate the status of risk mitigation activities to the Technology Transformation Risk Manager and other stakeholders.
- Contribute to the preparation and upkeep of risk documentation, including risk registers, reports, and dashboards.
- Participate in the formulation of risk management policies, procedures, and training materials.
- Engage with internal and external stakeholders to convey risk findings and recommendations.
- Stay abreast of emerging technology trends, threats, and regulatory requirements that could impact the risk landscape.
- Support the Technology Transformation Risk Manager in cultivating a culture of risk awareness and proactive risk management within the organization.

Qualifications:
- Bachelor's degree in Information Technology, Computer Science, Risk Management, or a related field.
- At least 3 years of experience in technology risk management, particularly in transformation projects.
- Profound knowledge of IT governance frameworks (e.g., COBIT, ITIL), cybersecurity principles, and data privacy regulations (e.g., GDPR, CCPA).
- Preferred experience in Internal controls within SAP ECC/S4 Applications, IT application controls, IT general controls, and interface controls.
- Professional certifications such as CRISC, CISM, CISSP, or equivalent are highly advantageous.
- Demonstrated exposure to client-facing roles and collaboration with cross-functional teams including internal audits, IT security, and business stakeholders to evaluate control effectiveness and facilitate remediation activities.
- Excellent communication, documentation, and report writing skills.

Join EY to craft a fulfilling career and contribute to building a better working world for all.

Posted 2 weeks ago


4.0 - 8.0 years

0 Lacs

maharashtra

On-site

As an Information Security professional in our organization, you will be responsible for various key tasks related to ensuring the security of our third-party suppliers and information systems. Your role will involve assessing and managing the security risks associated with our suppliers, interpreting security assurance reports such as SOC2 and pen test reports, as well as reviewing security requirements in contracts. Your responsibilities will also include understanding outsourced solutions and the information classification associated with them, assessing supplier security controls based on ISO27001/2 standards, and identifying and documenting security risks. Additionally, you will be expected to suggest recommendations to address the identified security risks and potentially perform information classification assessments.

To excel in this role, you should hold relevant security certifications such as ISO27001 auditor/implementation, CISSP, CRISC, CISM, or CISA. Your experience of at least 4 years in Information Security along with a strong understanding of security policies, processes, and standards will be valuable in this position. If you are a proactive professional with a keen eye for detail and a passion for enhancing information security practices, we encourage you to apply for this position.

Please note that the location of this role is in Mumbai (Andheri East) and the ideal candidates should be able to join within an immediate to 30 days' notice period. Interested candidates are requested to share their updated resumes with us at manasa.chilla@visionyle.com.

Posted 2 weeks ago


7.0 - 11.0 years

0 Lacs

noida, uttar pradesh

On-site

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

As part of our EY-Cyber security, the EKM Team owns the Public Key Infrastructure (PKI) and is responsible for certificate lifecycle management, distribution, and key management. The Lead Info Security engineer will be a part of a team of subject matter experts to facilitate the protection of data at rest, in-transit, or in-use by providing systems of processes, technologies, and policies. We're looking for Security Analysts in the Risk Consulting team to work on various privacy/data protection related projects for our customers across the globe. As an influential member of the team, you will help create a positive learning culture, coach and counsel junior team members, and assist in their development.

**Your key responsibilities include:**
- Designing, developing, integrating, and deploying encryption and key management solutions both on-premises and in the cloud.
- Defining business/technical strategies to reduce risk and improve the overall security posture of applications, platforms, and infrastructure.
- Collaborating with stakeholders at all levels to understand security needs and prioritize the roadmap accordingly.
- Ensuring projects are completed on time, within budget, and with high quality.
- Supporting necessary compliance activities and developing runbooks, SOPs, and troubleshooting guides.
- Continuously validating the team's products/solutions against policies, guidelines, procedures, and regulations to ensure compliance.
- Supporting the client's team by acting as an interim team member (e.g., security officer, security manager, security analyst).

**Skills and attributes for success:**
- Being a good team player with excellent verbal and written communication skills.
- Proficient in documentation and PowerPoint skills, with good social, communication, and technical writing skills.
- Ability to prioritize tasks, work accurately under pressure, and follow workplace policies and procedures.
- Strong analytical/problem-solving skills and the ability to work independently on projects with minimal oversight.

**To qualify for the role, you must have:**
- Bachelor's or master's degree in Computer Science, Information Systems, Engineering, or a related field.
- At least 7+ years of experience in Information Security with subject matter expertise in PKI, CLM, HSM.
- Excellent scripting skills and experience with developing SOPs, runbooks, CP/CPS.
- Technical experience with a combination of CLM, KMS, and PKI services, along with Linux and Windows systems.
- 2+ years of working experience in cloud technologies such as AWS, Azure, and Google Cloud Platform.
- Knowledge of security technologies like Venafi, AppViewX CERT+, Luna HSM, Fortanix DSM, MS-PKI, Sectigo.

**Ideally, you'll also have:**
- Experience with data tokenization/data masking and leading high performing technical teams.
- Security certifications such as CISSP, CISM, CRISC, AWS, Azure, SANS, etc.
- Ability to provide strong customer service and willingness to work weekends and travel as required.

**What we look for:**
- A team of people with commercial acumen, technical experience, and enthusiasm to learn in a fast-moving environment with consulting skills.
- An opportunity to be part of a market-leading, multi-disciplinary team of professionals, working with leading businesses across various industries.

**What working at EY offers:**
- Inspiring and meaningful projects with a focus on education, coaching, and personal development.
- Support, coaching, and feedback from engaging colleagues.
- Opportunities to develop new skills, progress your career, and handle your role in a way that suits you.

EY exists to build a better working world, creating long-term value for clients, people, and society, and building trust in the capital markets. Join EY's diverse global teams to provide assurance, help clients grow and transform, and find new answers to complex issues facing the world today across assurance, consulting, law, strategy, tax, and transactions.

Posted 3 weeks ago


6.0 - 10.0 years

0 Lacs

navi mumbai, maharashtra

On-site

As a professional in IT Risk, Compliance, and security, you will play a crucial role in ensuring the security and integrity of core IT projects. Your responsibilities will include assessing audit findings and control weaknesses, collaborating with stakeholders to develop management action plans, and implementing security classification, change controls, and SDLC. Your expertise in industry frameworks such as ISO standards, GDPR, NIST, and PCI DSS will be essential in identifying and mitigating cyber security risks.

In addition to your technical skills, you will also utilize your project management experience to plan and execute multiple IT Risk, Compliance, and security operations. You will contribute to the planning of SOX programs, conduct follow-ups on security control implementations, and develop project plans and resource plans to meet client needs. Your ability to communicate effectively and provide regular project updates to clients and leaders will be crucial in ensuring the success of GRC and Security engagements.

Your primary skills in Governance, Risk and Compliance (GRC), Security Frameworks, and ISMS Implementation will be instrumental in driving the security initiatives forward. Additionally, possessing certifications such as CISA, CISM, CRISC, or CISSP will further enhance your expertise in the field.

Joining Capgemini will provide you with the opportunity to work alongside a collaborative community of colleagues from around the world and contribute to building a more sustainable and inclusive world through technology. Capgemini is a global leader in business and technology transformation, with a strong legacy of over 55 years. As part of a diverse team of 340,000 members in more than 50 countries, you will have the chance to make a tangible impact on enterprises and society. Leveraging your skills in IT Risk, Compliance, and security, you will help unlock the value of technology for clients and address their business needs with innovative solutions. If you are passionate about technology and seeking to shape your career in a dynamic and supportive environment, we invite you to join us at Capgemini.

Posted 3 weeks ago


4.0 - 7.0 years

5 - 13 Lacs

Bengaluru

Hybrid

Hiring: TPRM (third party risk management) risk assessment

In a world of growing cyber threats and regulatory demands, the role of a TPRM Analyst has never been more vital. We are seeking Governance, Risk, and Compliance (GRC) to implement robust frameworks that integrate risk management, compliance, and governance processes into our business strategy.

Experience - 4 - 7 Years
Location - Bengaluru
Work Mode - Hybrid
Certifications: ISO 27001 LA/LI, ISC2 CC, Security+, CTPRP, CTPRA, CISA, CISM, CRISC, CISSP (any one is preferable)

Information Security Governance, Compliance and Security Assessment experience, with a focus on IT and IS Risk Assessments and program reviews / establishment. Familiarity with and demonstrated experience assessing against the BS ISO/IEC/SIG 27002:2005 BS 7799 standard domains, BS 25999 including Risk Assessment; Security policy; Organization of Information Security; Asset Management; HR Security; Physical and Environmental Security; Communications and Operations Management; Access Control; IS Acquisition, Development and Maintenance; IS Incident Management; Business Continuity Management; and Compliance. Broad understanding of Information Security trends, services and disciplines and experience applying them in dynamic environments.

We're ready to fast-track your application if you're available to start! Think you're a perfect fit? Drop your resume at bhumika.soni@weareams.com or share this with someone you know who fits the bill.

Posted 3 weeks ago


6.0 - 8.0 years

13 - 17 Lacs

Gurugram

Work from Office

About The Role

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Compliance Management
Good to have skills: Security Architecture Design
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: Seeking an experienced Security Architect/ Security Compliance Professional to lead and support the design, implementation, and maintenance of security governance, risk, and compliance (GRC) frameworks. This role ensures that the organization complies with industry standards and regulations such as ISO/IEC 27001, PCIDSS, NIST CSF, SOC 2, TISAX, and others. The candidate will work cross-functionally to manage audits, assess risks, and drive continuous improvement in the security posture of the organization. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security managed operations, ensuring that all security measures align with organizational standards and compliance requirements. You will also engage in continuous improvement initiatives to enhance the security posture of the organization.

Roles & Responsibilities:
- Expected to perform independently and become an SME or manage a team of GRC professionals.
- Required active participation/contribution in client discussions.
- Contribute in providing solutions to compliance related complex situations.
- Conduct regular assessments of security framework based or cloud security controls to ensure compliance with established standards.
- Collaborate with cross-functional teams to identify and mitigate potential security risks.

Professional & Technical Skills:
- Proficient in Information Security, Cyber Security and Governance, Risk, and Compliance (GRC).
- Has significant exposure to evolving landscape of security compliance requirements.
- Lead and manage security compliance initiatives across the organization.
- Manage/ Conduct gap assessments and implement controls in alignment with compliance standards (e.g., ISO 27001, PCIDSS, NIST, SOC 2, GDPR and other relevant frameworks).
- Coordinate and support internal and external security audits, including evidence collection and remediation planning.
- Partner with business, IT, and legal teams to ensure compliance requirements are understood and implemented.
- Develop and maintain security policies, procedures, and documentation in line with regulatory needs.
- Monitor compliance status and prepare reports and metrics for leadership.
- Educate teams on compliance requirements and drive a culture of security awareness.
- Relevant certifications: ISO27001LA/LI, ISO3100 or CISA, CISM, CRISC, or equivalent.

Additional Information:
- The candidate should have 6-8 years of relevant experience in Information Security Governance, Risk and Compliance (GRC).
- A 15 years of full time education is required.
- This position is based at our Gurgaon/ Bangalore and Other Accenture locations.

Qualification: 15 years full time education

Posted 3 weeks ago


6.0 - 11.0 years

0 - 0 Lacs

navi mumbai, mumbai city

On-site

Company: Reputed NBFC.
Role: Cyber Defense Governance.
Location: Mumbai.

Responsibilities: Develop and maintain cyber defense governance frameworks. Design and manage cybersecurity KPIs and KRIs. Establish standardized incident reporting protocols, ensuring compliance with regulatory requirements. Act as the primary liaison between cybersecurity teams, risk management, compliance, and executive leadership.

Please share your resume on pranaya@rightmatch.co.in

Posted 3 weeks ago


6.0 - 10.0 years

15 - 30 Lacs

Bengaluru

Work from Office

Experience: 6-7 Years
Job Location - Bangalore and UAE
Managing GRC Projects – Risk Management Specialist
Any one relevant certification is mandatory: CISSP, CISA, CISM, CRISC, CGEIT, GRCP, GRCA
Should have team lead experience

Posted 3 weeks ago


5.0 - 8.0 years

0 - 3 Lacs

Delhi, India

On-site

- Risk Management: Identify, assess, and mitigate risks related to compliance, security, and other relevant areas
- Compliance Programs: Develop and implement compliance programs to ensure adherence to regulations and standards
- Audit Support: Assist with internal and external audits, providing documentation and evidence
- Policy Development: Create and maintain clear, concise policies and procedures
- Regulatory Change Management: Stay abreast of regulatory changes and adjust policies and procedures accordingly
- Reporting and Documentation: Prepare detailed reports on compliance findings and security gaps
- Training and Communication: Provide training to employees on compliance and security policies
- Collaboration: Work with cross-functional teams to achieve compliance goals

Skills and Knowledge:
- Analytical skills: Analyze data to identify risks and compliance gaps
- Communication skills: Communicate findings and recommendations effectively
- Problem-solving skills: Identify and resolve compliance issues
- Understanding of GRC tools and software: Proficiency in using GRC tools for audits, risk assessments, and compliance management

Requirements:
- Bachelor's degree in a related field
- Minimum of 5 years of experience in governance, risk management, and compliance roles
- Strong knowledge of regulatory frameworks and compliance standards (GDPR, SOX, ISO 27001)
- Excellent analytical, problem-solving, and decision-making skills
- Proven ability to communicate effectively with stakeholders at all organizational levels
- Professional certifications such as CISA, CRISC, CISSP, or similar are highly desirable
- Experience conducting audits and assessments, and developing compliance documentation

Posted 3 weeks ago


9.0 - 12.0 years

5 - 14 Lacs

Chennai

Hybrid

Job Title: Cybersecurity Analyst - IT Risk and Control Analyst
Location: Chennai
Experience: 9 - 15 years
Notice Period: 0 - 30 Days
Work Mode: Hybrid
Interview Mode: 1st round is a virtual interview and the 2nd round must be F2F

Position Purpose: The IT Risk and Control Analyst plays a critical role in strengthening the risk culture within WMIS by driving the adoption of IT Risk frameworks, ensuring regulatory compliance, and reducing IT-related risk exposure. This role exists to proactively identify, assess, and monitor IT risks, perform IT control assessments, and report risk metrics to senior stakeholders. The position directly supports the APAC region and contributes to global risk visibility and risk mitigation initiatives.

Responsibilities:

Direct Responsibilities:
- IT Risk Management: Identify, assess, and monitor IT risks related to WMIS activities. Record and maintain risk registers; provide regular reporting. Oversee the execution and monitoring of risk mitigation plans. Assess IT risks across the project lifecycle and track until resolution.
- IT Control: Conduct IT control testing aligned with the Group's internal control framework. Monitor corrective action plans arising from control deficiencies. Ensure compliance with group-wide control standards.
- Shadow IT Governance: Maintain and assess the Shadow IT inventory for the APAC region. Coordinate assessments to ensure non-compliant IT assets are identified and managed.
- Operational Incident Risk Management: Evaluate operational risks from production and project-related incidents. Ensure proper recording, escalation, and handling of incidents. Maintain historical records for risk measurement and trending analysis. Contribute to lessons learned and prevention measures.
- Reporting: Generate timely and accurate IT Key Risk Indicator (KRI) reports for regional and global management. Contribute to management dashboards and executive summaries of IT risk posture.

Technical & Behavioral Competencies:
- Deep understanding of IT Risk Management principles and practices.
- Familiarity with IT System Development Life Cycle (SDLC) methodologies.
- Strong knowledge of banking industry IT systems and compliance requirements.
- Proficiency in Microsoft Office Suite, especially Excel and PowerPoint.
- Experience with ServiceNow GRC or other GRC platforms (preferred).
- Excellent communication skills in English (both written and verbal).
- Strong interpersonal, coordination, and analytical abilities.
- Team-oriented with a collaborative mindset.

Value-added Competencies:
- High integrity and confidentiality in handling sensitive information.
- Awareness of data governance, data protection, and relevant regulatory frameworks (e.g., MAS, GDPR).
- Strong management reporting capabilities.
- Ability to respond to ad hoc executive requests with agility and precision.
- Understanding of risk measurement metrics and dashboards.

Qualifications:
- Bachelor's Degree in Information Technology, Computer Science, or related field.
- 10 to 15 years of relevant experience in IT Risk Management, IT Audit, or IT Security, preferably in a banking environment.
- Risk Management certifications such as CRISC, ISO 31000, CISA, or equivalent are preferred.
- Experience with project management is a plus.

Posted 1 month ago


7.0 - 9.0 years

18 - 20 Lacs

Bengaluru

Hybrid

Hi all, we are hiring for the role of Information Security Risk Specialist. Experience: 7 - 9 years. Notice period: Immediate - 15 days. Location: Bengaluru.

Information Security Risk Specialist
Experience: 7 to 9 years
Location: Bengaluru

Job Summary: We are seeking an experienced Information Security Risk Manager to join our team at Daimler Truck Innovation Center India, Bengaluru. The ideal candidate will lead the risk management and coordination efforts related to the overall security of enterprise systems, ensuring the development, implementation, and oversight of strategies that safeguard the information assets from cybersecurity threats, vulnerabilities, and attacks. This role requires strong collaboration across internal teams, including engineering, IT, legal, and regulatory bodies, as well as with external partners, such as suppliers and industry organizations. The ideal candidate will have a deep understanding of cybersecurity risk management methodologies, and the ability to oversee multiple initiatives aimed at strengthening the risk management practices at Daimler Truck.

Key Responsibilities:
- Develop, implement, and maintain an enterprise-wide information security risk management program.
- Identify, assess, and document information security risks, ensuring alignment with business objectives.
- Perform risk assessments, vulnerability analyses, and impact evaluations on IT systems and processes.
- Collaborate with cross-functional teams to establish risk mitigation strategies and action plans.
- Monitor, track, and report on risk metrics and key performance indicators (KPIs).
- Stay updated on regulatory requirements and ensure compliance with standards such as ISO 27001, NIST, GDPR, etc.
- Develop and maintain comprehensive process documentation and generate reports tailored to the needs of various stakeholders.
- Drive security awareness programs and train employees on risk management practices.
- Prepare and present detailed risk assessment reports to senior management.
- Lead incident response planning and participate in cybersecurity investigations when necessary.

Qualifications:
- Education: Bachelor's degree in Information Security, Cyber Security, Computer Science, Information Science, or a related field. Advanced degrees (e.g., Master's) or certifications (e.g., CISSP, CRISC, CISM, CEH) are a plus.
- Experience: 5+ years of experience in information security, risk management, or related domains.

Skills and Competencies:
- Comprehensive understanding of frameworks such as ISO 27001, NIST Cybersecurity Framework, COSO, and COBIT.
- Proven analytical expertise in evaluating and prioritizing risks effectively.
- Advanced proficiency in utilizing security tools for risk assessment and mitigation.
- Strong preference for candidates with certifications like CISSP, CISM, CRISC, or equivalent.
- Exceptional communication and presentation skills, with a proven ability to collaborate effectively across diverse teams.
- Demonstrated problem-solving capabilities, including critical thinking and informed decision-making under pressure.
- Skilled in leading security initiatives and managing projects across global teams.
- A strategic mindset paired with keen attention to detail.
- Resourceful and decisive under high-pressure situations.
- An effective team player with exceptional interpersonal and collaboration skills.

Posted 1 month ago


10.0 - 14.0 years

20 - 35 Lacs

Navi Mumbai

Work from Office

At Nouryon, our global team of Changemakers takes positive action every day, to reach higher goals collectively and individually. We create innovative and sustainable solutions for our customers to answer society's needs – today and in the future.

Purpose/Key Objectives of the Job: The purpose of this role is to lead Nouryon's Governance, Risk, and Compliance (GRC) program. Enhance short/long-term GRC program strategy to align with regulatory and business needs. Lead GRC in cross-functional projects and initiatives. Apply advanced GRC knowledge/experience to mature and improve processes, controls library, and metrics reporting. Manage and review team members' day-to-day work product.

About The Job (Job Responsibilities):
- Track and support compliance with various findings.
- Build, track and support a cyber security risk program.
- Build, track and support a cyber security compliance program.
- Develop, track and support metrics and reports on KPIs, SLAs and other internal metrics.
- Develop policy, processes, procedures and guidelines.
- Build, track and support compliance to various frameworks such as ISO 27001, NIST CSF/800-53, etc.
- Responsible for Penetration Testing program.
- Track and help improve the GRC program maturity.
- Provide other support to the Office of the CISO.

We believe you bring (Education & Experience):
- Former leader role in GRC with knowledge of regulatory and industry requirements and standards.
- 10+ years' experience working in an enterprise environment.
- Experience with multiple GRC tools such as Archer, ServiceNow GRC, etc.
- Preferred one or more of: CISSP, CRISC, CISA, CISM.
- Must have experience conducting/implementing/managing risk/compliance management frameworks.
- Must possess strong written and verbal communication skills.
- Proficiency with all Microsoft (MS) Office programs is necessary, including familiarity with SharePoint.
- Conducting and/or coordinating information security risk assessments for technology and security frameworks.
- Facilitating multiple stakeholders to agree on appropriate security solutions and verifying that security risks are mitigated appropriately.
- Verifying that required security controls are built into new products.
- Performing deep dives on Information security-related processes and systems.
- Identifying system limitations that could lead to regulatory risks in new products and services and provide guidance for resolution and risk mitigation.
- Staying abreast of innovative business and technology trends in Information Security, risk, and controls and advising leadership on technology initiatives.
- Carrying out risk assessments and gap analysis of multi-networks and cloud environments using compliance standards and frameworks such as CSF and NIST.
- Creating, managing, and enforcing compliance requirements for business process and information systems and assisting in the development of Authority-wide cybersecurity compliance program.
- Designing and/or implementing Information Security solutions in an enterprise environment.
- Leading initiatives for re-architecting and reengineering of security controls to enhance the security posture of the Authority.
- Strong knowledge of Vulnerability Management Remediation.

Please apply via our online recruitment system. We will not accept applications via e-mail. Once it's with us we will review to see if we have a match between your skills and the role! For more information about our hiring process, visit: nouryon.com/careers/how-we-hire/ We look forward to receiving your application! We kindly ask our internal candidates to apply with your Nouryon email via Success Factors.

We're looking for tomorrow's Changemakers, today. If you're looking for your next career move, apply today and join Nouryon's worldwide team of Changemakers in providing essential solutions that our customers use to manufacture everyday products such as personal care, cleaning, paints and coatings, agriculture and food, pharmaceuticals, and building products. Our employees are driven by the wish to make an impact and actively drive positive change. If that describes you, we will gladly make way for your ambitions. From day one we support you with your personal growth, through challenging positions and comprehensive learning and development opportunities, in a dynamic, international, diverse, and proactive working environment. Visit our website and follow us on LinkedIn. #WeAreNouryon #Changemakers

Posted 1 month ago


2.0 - 7.0 years

4 - 6 Lacs

Hyderabad

Work from Office

As an associate in RSM's growing Technology Risk Consulting, you will have the opportunity to develop into a seasoned consultant through a high degree of client and industry exposure, career development and mentorship opportunities, and a diverse and inclusive culture. The fast-paced and dynamic environment in which we operate will provide you with daily challenges and exciting opportunities. In the Technology Risk Consulting Practice, our consultants help our clients with design and optimization of controls utilizing a general knowledge of business processes, accounting, and information technologies by identifying and prioritizing risk and transform their technology risk management and assurance capabilities to be aligned to the key risks and strategies of their organization.

Responsibilities include:
- Develop an understanding of the RSM Technology Risk Consulting approach, methodology and tools.
- Develop an understanding of the industry-leading frameworks and methodologies for Sarbanes-Oxley, COBIT, NIST and ITIL.
- Demonstrate understanding of business processes, internal control risk management, IT controls, and related regulatory and compliance standards.
- Perform technology risk assessments and reviewing, documenting, evaluating controls design and operating effectiveness, IT internal audit consulting activities (internal audits over ERP systems, IT security, and other IT systems), perform external audit assurance activities, and perform service organization control services activities related to SSAE18 SOC 1 and SOC 2 reporting services.
- Performing risk analysis by reviewing the information security policy documents against industry standards/regulatory requirements and drafting risk reports, which summarize the information security assessment including any risks to the organization.
- Execute components of IT audits under offshore delivery model in an effective and efficient manner.
- Use problem solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw the appropriate conclusions to best advise our clients.
- Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements.
- Ensure that documentation is compliant with quality standards of the firm.
- Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, supervisors, and senior management in the U.S. on a daily basis.
- Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients.
- Provide timely, high quality client service that meets or exceeds client expectations including coordinating the development and execution of the consulting work plan and client deliverables.
- Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing an integrated service delivery.
- Ensure professional development through ongoing education.
- Open to work on other solution sets considering business requirements.

Qualifications:
- B.Tech/MCA/MBA with ISO 27001 Lead Auditor and up to 2 years of relevant experience in Information Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, and IT Application Controls.
- Candidate should have intermediate knowledge of financials, operations and technology and its related risks.
- Candidate should have good knowledge for SOC 1, SOC 2, IT General Controls, IT Application Controls, Information security and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL etc.).
- Qualified to pursue a job-relevant certification (CIA, CISA, CISM, CRISC, CISSP).
- Strong Data Analytical skills including advanced Excel skills (Vlookups, pivot tables, and basic formulas), Word and PowerPoint.
- MS Visio skills to develop process and data flow diagrams.
- Strong multi-tasking and project management skills.
- Excellent verbal and written communication (English) as the position requires frequent communications with RSM International clients.

Posted 1 month ago


7.0 - 12.0 years

32 - 37 Lacs

Mumbai

Work from Office

Job Title: Information Security Risk Specialist, AVP
Location: Mumbai, India

Role Description: An Information Technology & Security Risk Specialist to join the 2nd LoD Information Security & Technology Risk Team. The team is global; this role is within the Mumbai team (currently 1 person), which is being built out to support the global team. Should have a proven depth of knowledge and keen interest of Information Security and Technology and their application in large financial institutions. Working with other team members, the role will input subject matter expertise and drive innovative approaches in applying risk management in an evolving threat environment. The team has a global footprint in Frankfurt, Singapore, London, Mumbai and USA.

What we'll offer you:
- 100% reimbursement under childcare assistance benefit (gender neutral)
- Sponsorship for Industry relevant certifications and education
- Accident and Term life Insurance

Your key responsibilities:
- Provide data and analytics reporting to support the team in monitoring the Information Security and Technology Risk Appetite, breaches and remediation. Where required support the implementation of automated data and analytics reporting process.
- Support the team delivery of Non-Financial Risk Management (NFRM) priorities such as risk & control assessments, scenario analysis, risk appetite.
- Monitor and challenge 1LOD Risk and Control Assessments (including results of 1LOD control testing/assurance).
- Perform 2LOD control assurance through targeted reviews of areas of concern.
- Gain an understanding and be able to articulate key Information Security and Technology regulatory requirements across APAC/MEA and their impact and implementation into the Information Security and Technology Risk Framework.

Your skills and experience:
- University degree (Computer Science, Business Administration or equivalent). Majors in Information Security and / or Risk Management are a plus.
- Experience (4+ years) in Information Security or Information Technology with experience in the Finance industry and/or a major Technology or Consultancy company preferred.
- Some level of technical understanding and training either as a data analyst, developer, business analyst or project manager.
- Knowledge of Information Security and Technology industry regulatory standards and/or Risk Frameworks (e.g. EBA Guidelines ISO / 27000 Series, COBIT 2019, DORA) are a plus.
- Relevant professional certifications e.g. CISSP, CISA, CISM, CRISC, ITIL, ISO27001 Lead Auditor or similar are a plus.
- Experience of working in large global teams yet comfortable working independently without day-to-day oversight and steer.
- Strong communication skills (English required).

How we'll support you

About us and our teams: Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Posted 1 month ago


2.0 - 7.0 years

11 - 21 Lacs

Thane, Navi Mumbai, Mumbai (All Areas)

Work from Office

Hello, we are looking for candidates who are currently serving notice period or 30 days.

Job Title: Associate - IT Governance & Compliance
Reports to: Lead - IT Governance & Compliance
Location: Mumbai
Experience: 2-6 Years Relevant

1. Role Overview: The Associate of IT Governance & Compliance will be part of the development, implementation, and oversight of the organization's IT Governance, and compliance framework. This role ensures stringent adherence to regulatory mandates, particularly those issued by the Reserve Bank of India (RBI). The ideal candidate must demonstrate a comprehensive understanding of RBI regulations, IT to Business strategy alignment, IT Policies & Processes and Governance best practices within the financial sector. With a keen focus on regulatory compliance, this role will fortify the organization's IT operations, IT project management and safeguard its reputation.

2. Duties & Responsibilities:
- IT Governance: Facilitate implementation of enterprise-wide IT policies, procedures, and standards. Facilitate automation of IT Processes. Coordinate integration of IT governance with broader enterprise governance structures, ensuring alignment with corporate objectives. Facilitate maintenance of governance frameworks in alignment with COBIT, ITIL etc., driving adherence and continuous improvement. Collate IT governance metrics and report to IT Senior Management.
- Regulatory and Compliance Assurance: Facilitate full compliance with RBI regulations, industry standards, and internal policies. Facilitate maintenance of comprehensive IT compliance programs, proactively addressing regulatory changes. Facilitate regular compliance assessments, ensuring timely resolution of identified issues. Coordinate with regulatory bodies, ensuring accurate and timely reporting and communication.
- IT Risk Management: Facilitate a robust IT risk management framework. Track mitigation for potential IT risks, ensuring alignment with organizational goals and regulatory requirements. Track IT risk management initiatives, providing insights and recommendations to the management team.
- Incident Management: Track the IT & Security incidents and breaches, ensuring minimal impact on operations. Facilitate implementation of incident response procedures. Coordinate with key stakeholders to mitigate the impact of IT incidents, ensuring swift and effective resolution.
- Imbibe a culture of continuous improvement, adopting and integrating best practices in IT governance, and compliance.

3. Job Requirements:
Professional Qualification:
- Bachelor's degree in Information Technology, Computer Science, Business Administration, or a related field. A Master's degree or professional certifications (e.g., CISA, CISSP, CRISC) is preferred.
- Minimum of 5 years of experience in IT governance, and compliance, with Lead IT GRC role within a financial services organization.
- Strong understanding of IT governance and compliance frameworks, regulatory requirements, and compliance standards (e.g., ISO 27001, NIST, PCI-DSS).

Posted 1 month ago


6.0 - 11.0 years

6 - 11 Lacs

Mumbai, Maharashtra, India

On-site

The first line Tech Risk function for business divisions CB, IB and Ops at Deutsche Bank sits within the Divisional Control Office. CB and IB front-to-back have the largest footprint as a risk bearing function within the banking divisions, and you will be part of a dynamic team which is consistently in demand for providing insights, assessments and managing Information Technology (IT) and Information Systems (IS) risks on behalf of the business.

Divisional Control Office (DCO) team ensures that the division operates with high levels of integrity. It is responsible for supporting the business by developing, implementing and maintaining a risk culture to ensure a strong and sustainable business control environment whilst minimizing risk arising from non-financial risk factors. DCO strategy includes improving the risk management information and strengthening the governance and risk culture and has a functional responsibility for providing a central point of oversight over the Risk & Control Assessments (RCA). This includes supporting the business by driving Risk & Control Assessment specifically focusing on Information Security (IS) / Information Technology (IT) risks in line with NFRM (2LOD) guidelines. RCA is a key component of the bank's non-financial risk management toolkit, to enable the effective profiling, monitoring and management of operational risks.

As part of the team, you will join the Bank's journey and contribute towards our strategic goal of managing technology risk within appetite whilst enabling adoption of emerging and new technologies for business growth. This role will specifically perform RCAs as related to the IB business. Knowledge of IB products/operations is a big plus.

Your key responsibilities:
- Collaborate with businesses and support them in conducting Risk & Control Assessments as per NFRM guidelines specifically focusing on Information Security (IS) / Information Technology (IT) risks
- Analyze contextual data and relevant data triggers and determine or update risk profile, inherent risk, control environment and residual risk ratings along with supporting rationale, liaising with Risk Types SMEs in their business
- Ability to assess impact of control environment on inherent risk along with documentation of qualitative assessment
- Participate in 1LoD-led RCA meetings for business to drive the risk discussions, focusing on key or emerging risks that may impact the business
- Coordinate with businesses/2LoD and assist in 2LoD challenges
- Prepare RCA reports and obtain business sign-offs
- Document risk mitigation decisions, if required, with consideration of risk appetite
- Deliver high quality Global Governance decks and reporting trends to support senior management

Your skills and experience:
- CISA/CRISC or relevant security qualifications with experience of Risk & Controls and/or Internal Audit in banking industry covering Information Security (IS) / Information Technology (IT) risks
- Experience in SOX/ISO27001 control framework
- Knowledge related to risk management (including conducting Risk & Control Assessments) and corporate banking products, processes and systems preferred, specifically focusing on Information Security (IS) / Information Technology (IT) risks
- Proven people management skills with ability to lead activities independently
- Strong quantitative and analytical skills required to critically evaluate information for key risk assessments
- Strong project management skills and a proactive team partner
- Influencing, negotiation skills and stakeholder management expertise
- Strong verbal and written communication skills
- Proficiency with automating tasks in Excel to improve efficiency a plus, but not mandatory

Posted 1 month ago


4.0 - 6.0 years

17 - 20 Lacs

Gurugram

Work from Office

Bravura's Commitment and Mission
At Bravura Solutions, collaboration, diversity and excellence matter. We value your ideas, giving you room to be curious and innovate in an exciting, fast-paced, and flexible environment. We look for many different skills and abilities, as well as how you can add value to Bravura and our culture. As a Global FinTech market leader and ASX listed company, Bravura is a trusted partner to over 350 leading financial services clients, delivering wealth management technology and products. We invest significantly in our technology hubs and innovation labs, which inspire and drive our creative, future-focused mindset. We take pride in developing cutting-edge, digital first technology solutions that support our clients to achieve financial security and prosperity for their customers.

About The Team/Project
The Information Security Officer is responsible for supporting the implementation and operation of the organisation's Information Security Management System (ISMS) within their region. This role will support security risk management, policy compliance, audits (internal, external and client), training and awareness, supply chain risk, and support security operations in incident management. As a Managed Service Provider (MSP) and data processor for clients, the analysts will enable security controls aligning with client contractual obligations, regulatory requirements, and industry best practices. The analyst will work closely with global security leadership, regional stakeholders and clients to address both internal and client-specific security challenges.

What You'll Do
The position is within the Information Security team. Main activities will include but are not limited to:
- Internal Audit & Assurance: Support the implementation and operations of the ISMS within the region. Support alignment with global security policies and regulatory requirements including ISO27001, SOC2 type II and PCI-DSS. Support continuous assessment and improvement of security controls and processes.
- Information Security Risk Management: Support, identify, assess, and mitigate security risks. Maintain the risk register and track remediation activities. Provide risk-based guidance to business units, IT teams, and client-facing operations.
- Information Security Policy & Standards: Ensure compliance with corporate security policies, frameworks, and client-specific security mandates. Develop and enforce security standards and client requirements. Input into periodic reviews and updates to security policies to align with evolving requirements.
- Information Security Audit & Compliance: Support internal and external security audits, ensuring timely remediation of findings. Provide security assurance to clients by responding to security questionnaires and participating in client audits. Coordinate with service delivery teams to meet client-specific obligations. Monitor and report on security posture, client security commitments, and compliance status.
- Information Security Training & Awareness: Support the delivery of security awareness programs. Support phishing exercises and other training initiatives to enhance security culture. Collaborate with HR and other departments to ensure security education is embedded in employee onboarding and ongoing training.
- Supply Chain Risk Management: Support the assessment and management of security risks associated with third-party vendors and suppliers. Support security requirements are included in vendor contracts and SLAs. Enable regular security assessments of critical suppliers, considering the impact on client services.
- Security Operations & Incident Management Support: Assist in managing and responding to security incidents within the region, to ensure rapid containment and remediation. Work with the Security Operations team to protect both internal and client environments. Support post-incident reviews and contribute to continuous improvement in incident handling, including lessons learned for client operations.

Qualifications and Experience
- Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience).
- 3+ years of experience in an information security role, preferably with regional oversight in an MSP or data processing environment.
- Good understanding of ISO27001, NIST, GDPR, and other security and data protection frameworks.
- Experience in security risk management, audits, compliance, and client security assurance.
- Knowledge of security operations, incident response, and managed security services.
- Familiarity with supply chain security and third-party risk management.
- Good communication and stakeholder management skills, with experience working with clients on security matters.
- Ideally security certifications such as CISSP, CISM, or CRISC are preferred.

Working at Bravura
Our people are the heart of our business. We work hard to provide a rich employee experience and a robust framework for ongoing career development.
- Competitive salary and employee benefits scheme.
- Flexible working hours, we value work-life balance.
- Maternity/Parental (including secondary) leave policy.
- Cab facility available in Delhi/NCR.
- Meal facility available.
- Free Medical Insurance.

So, what's next?
We make hiring decisions based on your experience, skills and passion so even if you don't match every listed skill or tick all the boxes, we'd still love to hear from you. Please note that interviews are primarily conducted virtually and if you require any reasonable adjustments or would like to note which pronouns you use, please let us know. All final applicants for this position will be asked to consent to a criminal record and background check. Please note that people with criminal records are not automatically barred from applying for this position. Each application will be considered on its merits.

Posted 1 month ago


5.0 - 7.0 years

7 - 10 Lacs

Bengaluru

Work from Office

Position Purpose The role of the Third-Party Technology Risk Management Analyst / Consultant is to implement the set of operational activities to be carried out within BNP Paribas (Group & entities) to manage ICT & Cyber risks for the beneficiaries of sourcing (Outsourcing, purchasing & shoring) initiatives supported by ICT service providers and third parties involved in ICT projects or business projects with ICT components. She/he can operate within TPTRM scope governance, providers, beneficiaries & SMEs spread throughout global region. As part of his role, she/ he will have to work closely with German stakeholders. Especially, she / he will help clients assess the risks associated to their arrangement and provide recommendations for managing those risks.. Responsibilities Direct Responsibilities Perform third-party technology risk assessments to help beneficiaries/contract owners identify and evaluate business and technology risks related to their arrangements, and provide recommendations for managing those risks Define the contractual ICT security requirements applicable to the arrangement to protect confidentiality, integrity and availability of Beneficiary data and systems Provide periodic status updates (KPIs/KRIs) including potential risks and delays to the project delivery to beneficiary project manager, conduct workshops wherever necessary Review thoroughly asset classifications and pre-existing asset related risks & control responses ensuring sync with TPTRM assessments responses Select the requirements to include in the specific ICT due diligence questionnaires to be sent to the shortlisted suppliers and analyze the providers feedback Support the Beneficiary answering ICT Security questions from the provider as part of the contract negotiation process List of the risks that should be formalized in a risk management plan given the third party's answers and report on the third party's ability to manage risks Support the Beneficiary recording the 
arrangement data in the various Group registers (ServiceNow, RISK360, etc.) Ensure periodic review of ICT arrangements and contracted ICT services Demonstrate knowledge in one or more of the following cyber risk domains, including: Security Governance and Management, Security Policies and Procedures, Application Security Controls, Access Controls, Incident Response, Risk Management, Privacy and Data Protection, Encryption.
Contributing Responsibilities Instruct the 5 European Bank Authority ICT risks categories and follow them throughout TPTRM assessments Participate in Initialization Committee/ Validation Committee & Go-Live committee for Supporting specific arrangements and results Provide support to beneficiary / contract owner to implement residual actions Facilitate the business/sponsor/beneficiary/SME decision-making with deep analysis based on relevant flagged risk families Provide support to contract owners and coordinate/ assist to ensure proper assessments are done Manage TPTRM inventory with follow-up tracker management Contribute to process improvement, upkeep with new policies, regulations, standards & guidelines Technical & Behavioral Competencies Functional Skills Experience in IT Risk and Cyber Security domains in a financial institution demonstrating a high-level of commitment and self-motivation. Experience in the Finance & IT industry with a strong exposure to IT Operations, Application Security, and/or network administration, IPS Demonstrate knowledge of Risk & Compliance, cybersecurity, cyber risk, cyber threats, Third Party Technology Risk Management/ Vendor assessments Working knowledge of global regulations, frameworks and standards (ISO, NIST, COBIT, PCI-DSS, HIPAA) and conversant in the tactics, techniques and procedures used by Risk adversaries. Demonstrates a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate.
Good IT knowledge Technical : - Good understanding of organizations and IT Businesses - Good technical understanding of infrastructures and IT Security Productions and Systems - IT risk /Third Party risk analysis and management methods and should have worked on Risk Management Tools like ServiceNow etc. - Knowledge of Cyber Resilience, IT continuity and business continuity - GRC - Governance, Risk Management and Compliance Management. - Firewall and Internet technologies; Cloud Security, Banking Tools & Technologies. - Secure access control mechanisms; Encryption and Key management techniques Behavioral : - Strong Communication, Analytical and problem-solving skills. - Proven organizational skills with excellent multi-tasking, result oriented and prioritization skills - Good documentation and reporting skills - Ability to work independently - Strong communication and interpersonal skills, able to communicate and relate easily with IT, Finance and back-office users - Good communication, technical writing/diagramming skills - Attention to detail and accuracy Specific Qualifications (if required) - One or more Industry-recognized information Security certifications such as CISSP, CISA, GCCC, CISM, CEH, CRISC, OSCP or Security+. - IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc. - IT Auditing (ISO27001/2, NIST 800 Series, ISO27005, ISO42001) - Regulatory Compliance MBA in Finance/Systems/IT, Masters in Technology, Bachelor of Commerce, Masters in Commerce, Bachelor in Science, Bachelor in Technology Skills Referential Behavioural Skills : Communication skills - oral & written Attention to detail / rigor Ability to deliver / Results driven Creativity & Innovation / Problem solving
Transversal Skills: Analytical Ability Ability to manage a project Ability to understand, explain and support change Ability to develop and adapt a process Ability to anticipate business / strategic evolution Education Level: Bachelor Degree/ Master Degree or Equivalent Experience Level 5-7 years and 3-5 years Other/Specific Qualifications (if required) CISA/CISSP/CISM/CRISC

Posted 1 month ago

Apply

8.0 - 13.0 years

25 - 30 Lacs

Bengaluru

Work from Office

Job Title: Information Security Officer (ISO) Corporate Title: AS Role Description The Information Security Officer (ISO) is a role holder aligned to a portfolio of applications (Application ISO). The ISO has the responsibility for the operational aspects of ensuring compliance with the Information Security Principles. The ISO is the primary contact for information security relevant matters within their area of responsibility. The ISO has a disciplinary reporting line into their Line Manager and a functional reporting line into the Divisional CISO. Your key responsibilities To assume the ownership and responsibility for the assigned IT assets, in line with the DB Group Information Security management processes and the Divisional ISMS. To support the development and maintenance of Information Security policies and procedures pertaining to the Unit in accordance with the Information Security policies and procedures of DB Group. To support the management of IS Risks within the Risk Appetite defined by the ISR.
To execute the IS Risk assessments and compliance evaluations for assigned IT assets To ensure the execution of information security risk management requirements in their area of responsibility as additionally defined by the Divisional ISO (e.g., conducting risk assessments on an organizational basis, preparing and implementing management action plans to mitigate identified risks) To ensure the implementation of Identity and Access Management Processes and the execution of a periodic recertification of User Access Rights in their area of responsibility To provide timely updates to the Divisional ISO regarding the aforementioned information security management tasks To ensure that application entries regarding information security (e.g., Data Protection and Data Privacy fields) in the Group's inventory of applications are accurate and up to date To implement Segregation of Duty (SoD) rules for the assigned IT assets To contribute to the Information Security incident management process in the case of a security breach To keep oneself informed of the Information Security Principles and its subordinate documents and liaise with any other necessary parties to accomplish their tasks. These resources may be e.g., the TISO, ITAO or any other subject matter experts To ensure appropriate documentation of information security risk management in area of responsibility.
This includes major decisions including identified and assessed risks as well as risk mitigation measures To deliver all items requested during regulatory and internal Information Security related audits Your skills and experience Essential Candidate should have a minimum of 8 years of business experience in an operation management / risk management capacity, working knowledge in various banking products with strong communications skills Knowledge on Information Security Controls, Data Protection Policy, Information classification principles and segregation of duties requirements within Banking Operations Good understanding of Regulatory, Compliance, Risk & Control Knowledge Have sound knowledge of Identity and Access Management Process Ability to multitask and manage multiple deliverables / projects that are highly visible and of strategic importance to our clients Ability to effectively communicate with clients internally and externally Must be a team player and facilitator Desirable Solid technical understanding of the business (CB Operations) including strong knowledge of application security related processes. Knowledge of electronic banking products and flow of instructions Computer proficiency in MS Office and ability to utilize IT initiatives to achieve a high degree of operational efficiency, optimize costs and add value to the service provided Innovative approach to work and continuously identify and implement process improvements Seek opportunities to improve service processes, minimize operational risk and reduce costs Strong analytical skills, detail orientation, service commitment and solid people management skills Strong awareness of risk control Education / Certification Graduation degree CRISC Desired: CISA/CISM/CISSP

Posted 1 month ago

Apply