
82 Crisc Jobs - Page 3

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

7.0 - 10.0 years

7 - 10 Lacs

Chennai, Tamil Nadu, India

On-site

Key Responsibilities Assist in planning and scoping IT compliance and internal control assessments. Identify risk areas and develop internal control testing programs. Perform end-to-end IT compliance assessments, including evaluating effectiveness of risk and control frameworks. Test IT General Controls (ITGCs) across domains like change management, logical access, SDLC and IT operations. Assess IT Automated Controls across business functions such as payroll, inventory, and revenue. Document control walkthroughs using narratives and flowcharts. Develop, maintain, and present compliance workpapers and reports highlighting control deficiencies and recommendations. Collaborate with management to communicate findings and ensure timely remediation of audit issues. Support external audit activities by coordinating information requests and walkthroughs. Stay up to date with regulatory and industry developments in IT compliance and risk management. Engage in continuous improvement efforts to enhance the efficiency and effectiveness of compliance processes. Qualifications Bachelor's degree in Information Technology, Computer Science etc. Professional certification (or working towards) such as CISA, CRISC, CISSP, or CISM preferred. 7-10 years of experience in IT audit, compliance, or risk management; minimum 3-5 years in a Big 4 or similar professional services firm preferred. Strong understanding of IT infrastructure, applications, and enterprise systems. Knowledge of Sarbanes-Oxley (SOX), ITGCs, automated controls, and internal control principles. Experience with audit and compliance tools (e.g., eAudit, Auditboard, or equivalent). Ability to understand cross-functional business processes and their integration with IT systems. Strong interpersonal, communication, and report-writing skills. Able to work independently and collaboratively under tight deadlines. Demonstrated sound judgment, critical thinking, and attention to detail.
Preferred Skills Hands-on experience in documenting business processes and identifying control gaps. Ability to present findings to senior stakeholders and recommend practical remediation steps. Familiarity with GRC platforms and data analytics tools. Understanding of global business practices and regulatory environments.

Posted 1 month ago


3.0 - 5.0 years

3 - 5 Lacs

Chennai, Tamil Nadu, India

On-site

We are seeking a highly motivated and detail-oriented IT Compliance Analyst to join our Risk & Compliance team. The ideal candidate will be responsible for performing comprehensive IT compliance assessments, testing IT general controls and IT Automated controls and ensuring the organization adheres to internal policies and external regulatory requirements, including Sarbanes-Oxley (SOX). This role plays a critical part in maintaining a strong internal control environment and driving process improvement across the organization. Key Responsibilities Assist in planning and scoping IT compliance and internal control assessments. Identify risk areas and develop internal control testing programs. Perform end-to-end IT compliance assessments, including evaluating effectiveness of risk and control frameworks. Test IT General Controls (ITGCs) across domains like change management, logical access, SDLC and IT operations. Assess IT Automated Controls across business functions such as payroll, inventory, and revenue. Document control walkthroughs using narratives and flowcharts. Develop, maintain, and present compliance workpapers and reports highlighting control deficiencies and recommendations. Collaborate with management to communicate findings and ensure timely remediation of audit issues. Support external audit activities by coordinating information requests and walkthroughs. Stay up to date with regulatory and industry developments in IT compliance and risk management. Engage in continuous improvement efforts to enhance the efficiency and effectiveness of compliance processes. Qualifications Bachelor's degree in Information Technology, Computer Science etc. Professional certification (or working towards) such as CISA, CRISC, CISSP, or CISM preferred. 7-10 years of experience in IT audit, compliance, or risk management; minimum 3-5 years in a Big 4 or similar professional services firm preferred.
Strong understanding of IT infrastructure, applications, and enterprise systems. Knowledge of Sarbanes-Oxley (SOX), ITGCs, automated controls, and internal control principles. Experience with audit and compliance tools (e.g., eAudit, Auditboard, or equivalent). Ability to understand cross-functional business processes and their integration with IT systems. Strong interpersonal, communication, and report-writing skills. Able to work independently and collaboratively under tight deadlines. Demonstrated sound judgment, critical thinking, and attention to detail.

Posted 1 month ago


6.0 - 11.0 years

11 - 18 Lacs

Thane, Navi Mumbai, Mumbai (All Areas)

Work from Office

Location: Thane What does a successful Internal Audit- IT professional do at FISERV? Efficiently conduct the audit projects as per The Institute of Internal Auditors standards and in accordance with Fiserv global Internal Audit framework and methodologies. What will you do: Should be able to direct/execute audit project independently (covering planning, fieldwork and reporting stages of audits) Lead a variety of moderately complex to complex IT focused audits including IT governance, service and project delivery, audits of IT technical domains such as networks, infrastructure, and applications. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Planning, conducting walkthroughs, drafting process understanding and relevant controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Documenting and Reviewing Test of Designs and Test of Effectiveness controls. Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., Validations of audit issues. Conducting special reviews. What will you need to know: Desired qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree] Experience: at least 6 to 8 years of IT Audit experience in assessing technology/IT controls and have experience in Internal Audit, Compliance & Risk Advisory services preferably in Banking and Financial services domain. 
Experience in auditing IT Internal controls, IT risk mitigation and technology related processes reviews. Good experience in IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, drafting skills, communication, and interpersonal skills. Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.) What would be great to have: Desired certifications: CISA / CISSP / CISM / CCNA certified professionals

Posted 1 month ago


6.0 - 10.0 years

1 - 3 Lacs

Bengaluru

Hybrid

Company Description Tesco Bengaluru: We are a multi-disciplinary team creating a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility, providing cutting-edge technological solutions and empowering our colleagues to do ever more for our customers. With cross-functional expertise in Global Business Services and Retail Technology & Engineering, a wide network of teams and strong governance we reduce complexity thereby offering high quality services for our customers. Tesco Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 4,40,000 colleagues. Tesco Technology consists of people from a number of different backgrounds, but having a common purpose to serve our shoppers a little better every day with our retail technological solutions. We shared a common interest in harnessing innovations in technology to enhance their shopping experience at Tesco stores. Whether making products, software or systems, our teams focus on various aspects from taking strategic ownership of the architecture to delivering technological solutions such as design, testing, deployment, infrastructure, operation and security of the systems to ensure agile, smooth and safe operations. These help us to deliver the maximum business impact. Teams refine their internal processes to best fit their own needs, working to build core capabilities in application and services. We collaborate globally across teams to build end-to-end customer-facing solutions, as well as to share knowledge, experience, tools and techniques. At Tesco, inclusion means that Everyone's Welcome. Everyone is treated fairly and with respect; by valuing individuality and uniqueness we create a sense of belonging. Diversity and inclusion have always been at the heart of Tesco.
It is embedded in our values: we treat people how they want to be treated. We always want our colleagues to feel they can be themselves at work and we are committed to helping them be at their best. Across the Tesco group we are building an inclusive workplace, a place to actively celebrate the cultures, personalities and preferences of our colleagues - who in turn help to build the success of our business and reflect the diversity of the communities we serve. Job Description - Carry out Cyber Risk and Assurance initiatives independently while ensuring quality and timely delivery. - Perform control testing using security frameworks to determine effectiveness of the control and provide recommendations. - Review adequacy of evidence provided by Technology teams as part of control assurance activities. - Define processes to collaborate with Security and Technology teams for remediation of identified system-level control gaps and work closely with them to ensure implementation of cyber security safeguards to improve security posture across the organisation. - Identify; evaluate and monitor technology risks as part of Cyber Risk and Assurance programmes. - Review security exceptions raised by Technology teams to manage the risks associated. - Drive reporting across different Cyber Risk and Assurance initiatives; including reporting to Security Leadership and Cyber/Technology governance committees. - Identify; drive and implement opportunities for process improvement across various initiatives within the Cyber Risk and Assurance team. - Build strong relationships with the stakeholders and lead internal meetings with Technology and Business Process teams.
Qualifications - 7 to 10 years cyber security experience - IT audit and/or IT risk management - Experience of assessing security controls across a variety of technologies and products; recommending improvements where necessary - Hands on Experience with different security frameworks and standards such as ISO 27001; NIST; CIS; PCI; (e.g. controls testing; gap assessments) - Critical thinking with strong attention to detail and good organisational skills - Strong written; verbal communication and presentation skills; working with all levels of seniority and disciplines within the organisation - Able to build solid working relationships with internal and external stakeholders - At least one professional qualification such as CISA; CISM; CRISC; CISSP or equivalent Additional information Important Notice: On behalf of Tesco Bengaluru, we must caution all job seekers and educational institutions that Tesco Bengaluru does not authorise any third parties to release employment offers or conduct recruitment drives via a third party. Hence, beware of inauthentic and fraudulent job offers or recruitment drives from any individuals or websites purporting to represent Tesco. Further, Tesco Bengaluru does not charge any fee or other emoluments for any reason (including without limitation, visa fees) or seek compensation from educational institutions to participate in recruitment events. Accordingly, please check the authenticity of any such offers before acting on them and where acted upon, you do so at your own risk. Tesco Bengaluru shall neither be responsible for honouring or making good the promises made by fraudulent third parties, nor for any monetary or any other loss incurred by the aggrieved individual or educational institution. In the event that you come across any fraudulent activities in the name of Tesco Bengaluru, please feel free to report the incident at recruitment_compliance_india@tesco.com

Posted 1 month ago


8.0 - 13.0 years

16 - 30 Lacs

Noida

Work from Office

Ericsson is seeking an experienced GRC Specialist with 8 to 15 years of expertise in Governance, Risk, and Compliance to join our team in Noida or Bangalore. The ideal candidate will have a strong background in managing risk frameworks, compliance programs, and governance processes within large enterprises, preferably in telecom or IT sectors. Key Responsibilities: Develop, implement, and maintain governance, risk, and compliance frameworks aligned with global standards and Ericsson policies. Perform comprehensive risk assessments and compliance audits to identify gaps and recommend remediation actions. Ensure adherence to regulatory requirements such as ISO 27001, GDPR, NIST, COBIT, and ITIL. Manage and monitor compliance controls and policies to mitigate organizational risks. Collaborate with internal stakeholders and external auditors to facilitate audit readiness and compliance reporting. Drive continuous improvement initiatives for GRC processes and tools. Support incident response and business continuity planning from a GRC perspective. Lead awareness programs and training sessions on governance, risk, and compliance topics. Utilize and optimize GRC platforms (e.g., RSA Archer, MetricStream, ServiceNow GRC) for automated risk management and reporting. Required Skills and Qualifications: Bachelor's or Master's degree in Information Technology, Cybersecurity, Business Administration, or related field. 8 to 15 years of experience in Governance, Risk, and Compliance roles. In-depth knowledge of GRC frameworks and standards (ISO 27001, NIST, COBIT, GDPR, ITIL). Practical experience with GRC tools and platforms. Strong understanding of cybersecurity risk management and control frameworks. Excellent analytical, organizational, and communication skills. Ability to work collaboratively across teams and influence senior stakeholders. Relevant certifications such as CISA, CISM, CRISC, CISSP, or similar preferred.
Connect with me over LinkedIn at : https://www.linkedin.com/in/nitin-tushir-abc0048/

Posted 1 month ago


12.0 - 15.0 years

35 - 45 Lacs

Mumbai

Work from Office

Hi, We are having an opening for Lead Audit & Compliance Specialist -IT at our Mumbai location. Job Summary : The Lead Audit & Compliance Specialist plays a strategic and hands-on role in managing IT audits, compliance requirements, and risk mitigation initiatives across Sun Pharma's global IT landscape. This role is responsible for planning, coordinating, and executing internal and external IT audits, ensuring adherence to global compliance standards including SOX, GxP, and other regulatory frameworks. The incumbent will work across functions and geographies to embed a culture of compliance, maintain audit readiness, and strengthen IT governance. Key Responsibilities: Audit Lifecycle Management Lead and coordinate global IT audits, including preparation, evidence gathering, walkthroughs, and response submission. Manage the end-to-end lifecycle of audit findings, including tracking, remediation, and closure validation. Compliance & Regulatory Adherence Ensure IT compliance with GxP, SOX, ISO, and other applicable frameworks across infrastructure and service domains. Collaborate with internal stakeholders to implement global policies and ensure readiness for inspections. Documentation & Governance Maintain comprehensive documentation for IT controls, SOPs, risk registers, and mitigation actions. Establish audit dashboards and maintain compliance scorecards by geography and function. Internal Awareness & Training Drive audit and compliance awareness across IT teams through workshops, readiness drills, and role-based training. Continuous Improvement Identify compliance gaps and propose process enhancements or automation opportunities to reduce risk exposure. 
Specialized Knowledge Requirements Strong understanding of global regulatory standards including SOX, GxP, and ISO 27001 Experience with IT general controls (ITGC), audit frameworks, and risk management tools (e.g., Archer, ServiceNow GRC) Familiarity with ITSM/ITIL processes and audit mapping across Change, Incident, Problem, and Asset Management Exposure to Pharma or highly regulated industries is preferred Internal Stakeholders and Nature of Interaction CIO / Head of IT Service Assurance: Strategic guidance, audit governance, and risk updates Service Assurance, Infra, Cloud, and Application Leads: Evidence coordination, control implementation, RCA collaboration ITBPs, PMO, and HR Compliance: Policy alignment, audit readiness training, and data consistency External Stakeholders and Nature of Interaction Internal & External Auditors: Direct interaction during audit planning, walkthroughs, and evidence presentation Regulatory Inspectors: Respond to inspection findings and ensure documentation and controls are validated Consultants / Third-party Advisors: Best practices adoption, controls benchmarking, and co-sourcing guidance External Interaction % Approximately 30-40% of role involves active engagement with auditors, regulatory bodies, and external advisors Nature of Communication Highly structured communication involving formal documentation, audit reports, control narratives, and risk dashboards Strategic presentation of findings to senior leadership and external stakeholders Tactical and operational interactions across teams to ensure data accuracy and audit response readiness Role Played in Negotiations Key influencer in discussions around audit scoping, remediation timelines, and closure sign-off Collaborates with Legal and Compliance teams on the language and commitments in control response narratives Key Decision-Making Expected Assessment of audit risk severity and prioritization of remediation actions Selection and implementation of compliance tools or 
frameworks for specific geographies or domains Recommendation of policy updates based on new or evolving regulatory standards Key Challenges for the Role Managing diverse compliance obligations across multiple jurisdictions Ensuring consistent and timely audit responses across distributed IT teams Driving cultural shift toward proactive compliance ownership Addressing historical non-compliance in legacy systems Extent and Nature of Innovation Required for the Role High degree of innovation required in designing automation for compliance workflows, dashboards, and evidence management Leveraging analytics to detect non-compliance trends and trigger preventive controls Enhancing audit readiness using AI-enabled documentation checks and control testing tools Job Requirements Educational Qualification: Master's in Information Technology, Risk Management, or related field Certifications: CISA, CRISC, or equivalent certifications are preferred ITIL and GRC platform certification (ServiceNow, Archer, etc.) Skills: Risk-based audit planning and control design Cross-functional collaboration and stakeholder management Tools-based audit management and compliance analytics Experience : 12-15+ years of experience in IT audit, risk, and compliance roles. Exposure to global audit environments and regulated industries (pharma/healthcare preferred)

Posted 1 month ago


10.0 - 15.0 years

0 - 3 Lacs

Chennai

Work from Office

Proficient in Risk assessment and analysis methodologies Risk management software and tools proficiency Knowledge of regulatory (GDPR,PCI-DSS, Anti-Money Laundering (AML)) requirements and compliance standards. Understanding of insurance principles and coverage. Industry-specific certifications (CRISC, CISM, ISO 27001:LA) Project management expertise. A thorough understanding of: ISO 27001 (Information Security Management) NIST Cybersecurity Framework SOC 1 and SOC 2 Standards

Posted 1 month ago


5.0 - 8.0 years

9 - 12 Lacs

Chennai

Work from Office

Conduct comprehensive IT audits to evaluate the effectiveness and efficiency of IT systems and processes. Assess and document IT Governance, Risks and Compliance's vulnerabilities and control deficiencies. Ensure compliance with RBI guidelines and industry standards (e.g., ISO 27001, NIST, COBIT, COSO). Develop and implement audit plans and methodologies. Review and analyze evidence, document audit findings, and propose practical solutions. Collaborate with IT and business teams to improve IT governance and control frameworks. Prepare detailed audit reports and present findings to senior management. Rigor in tracking and follow-up of IS audit open points on the implementation of audit recommendations. Evaluate and test IT General Controls (ITGCs), automated controls, and key reports. Participate in risk assessments and design audit programs. Review regulatory submissions and ensure timely and accurate documentation. Perform IT vendor audits and assist in IT Governance audits. Stay updated on industry trends, emerging threats, and regulatory changes. Required Qualifications, Capabilities, and Skills: A bachelor's or master's degree in Computer Science, Information Technology, or Engineering, with at least 5 years of experience in IT Technical and Process Audit, along with at least one industry-recognized certification such as CISA, CRISC, or CISM. Strong understanding of RBI guidelines for NBFCs. Knowledge of Governance, Risk & Compliance function, Software development processes, IT systems, Network architecture, Databases, and Cybersecurity measures. Extensive knowledge of industry security frameworks (e.g., NIST, CIS) and ISO 27001/2 standards. Proven experience in implementing or testing IT General Controls. Basic understanding of AI-ML models, their risks, and audit testing procedures. Excellent verbal and written communication skills to effectively present audit findings and recommendations.
Ability to analyze complex data, identify risks, and provide actionable recommendations. Experience in identifying and evaluating IT risks and developing mitigation strategies. Ability to identify issues and develop practical solutions. Experience in planning and managing audit projects to ensure timely completion. Meticulous in documenting audit processes and findings. Ability to work effectively with cross-functional teams and stakeholders. Capable of managing multiple audits simultaneously and meeting deadlines in a dynamic, fast-paced environment. Highly motivated, enthusiastic, performs well under pressure, and takes personal responsibility and accountability. Upholds the highest standards of professionalism, integrity, and ethical conduct.

Posted 1 month ago


4.0 - 6.0 years

6 - 8 Lacs

Bengaluru

Work from Office

The Global Information Security (GIS) Technology Risk Management Analyst will work with peers in Global Information Security (GIS) and across the Technology Division to ensure that third party technology risks are properly identified, assessed, monitored, and communicated in support of the overall Third Party Risk Management (TPRM) program. The Analyst will assist with the continuous improvement and daily operation of the GIS Third Party Risk Management (GIS TPRM) program. Responsibilities Include: Work with peers to identify and assess Information Security risks Conduct risk assessments using CME Group's established GIS Third Party Risk Management assessment process Collaboratively author and edit various assessment related documents including Deficiencies Observed, Summary of Work, Risk Advisory Memos, exceptions from GIS technical policies and standards, and other related output resulting from risk adjudication activities Participate in and contribute to various working groups across the Technology Division, including, but not limited to, Third Party Risk Management working group, Governance, Risk Management, and Compliance (GRC) working group, etc.
Assist the GIS TPRM function with: Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly manage third party technology risks Providing advisory and consulting services to the Information Technology Management Team related to InfoSec risks, treatment strategies, and decision-making Assist in the preparation of management reports, presentations, metrics, and other documentation required to support governance functions Assist in compiling and delivering business and operational metrics at regular intervals Promoting a culture of risk awareness and accountability through training, education, and risk management consultative support Problem Solving: Objectively assess the impact, likelihood, and velocity of identified risks Objectively advise on any number of controls that will mitigate risk while not imposing undue burden on those who must implement the controls Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers Rapidly analyze complex technical details Synthesize detailed analysis into a big picture view that can be easily understood by non-technical stakeholders in order to support risk-based decision-making for senior managers within the company Decision Making: Recommend risk treatment decisions Recommend remediation actions when risk mitigation is desired Recommend improvements to methods, instrumentation, training, documentation, and processes Recommend solutions for automating and streamlining GIS TPRM risk management practices Working Relationships: Interacts with peers across all elements of the Technology Division Communicate regularly with cross-functional peers outside of the Technology Division, including Legal, Information Governance, Global Operations, Global Assurance (Internal Audit), Enterprise Risk Management, Third Party Risk Management, and other business unit leadership Interact occasionally with industry peers from 
other Systemically Important Financial Market Utilities (SIFMUs), research organizations, solution providers, etc. Required Experience: Bachelor's Degree or equivalent experience Minimum of 4 to 6 years of relevant experience in publicly traded companies or finance/technology industry operations with third party risk management experience a plus Experience in at least two of the following: InfoSec (Operations, Program Management, Governance, Risk Management, etc.), Enterprise Architecture, Identity & Access Management, Application Development, Infrastructure & Operations, IT Compliance, or Internal Audit Experience working with industry based information security and / or control frameworks (NIST Cyber Security Framework, ISO 27002, COBIT, etc.) Demonstrable knowledge of a broad range of InfoSec technologies and practices Demonstrable, impeccable writing skills for technical, management, and executive audiences Additional preferred experience: Demonstrable knowledge of InfoSec risk management methods and practices Experience with operating GRC solutions Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.) CME Group: Where Futures are Made CME Group is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.

Posted 1 month ago


15.0 - 20.0 years

50 - 55 Lacs

Bengaluru

Work from Office

Your Impact You'll be responsible for engaging with senior customer representatives including CISO and other C-suite stakeholders to engage on topics around CyberSecurity, adjacent technical areas, and application of technology and programs in the business. Provides trusted support, advice and guidance on the latest trends and developments in CyberSecurity and how these can be used to provide lasting business value and impact for our customers. Applying your wide and deep experience in solving these challenges elsewhere you'll help our customers with their journey, articulating Cisco's unique value proposition and architecture for CyberSecurity and how Cisco can help our customers succeed with their CyberSecurity goals. By establishing yourself as a trusted advisor and building lasting relationships, you'll help bridge the communications gap between customer needs and what Cisco can offer. Identifies opportunities for Cisco to provide additional products and services that are aligned to achieving the customers' CyberSecurity goals. Results and Outcomes You'll proactively strengthen and expand Cisco's presence and technology leadership in the CyberSecurity domain through externally visible activities such as blog posts, social media posts, papers, external speaking engagements and serving on external forums and boards. You'll continually acquire the knowledge and expertise necessary to pioneer new thinking and approaches. You'll contribute new materials and innovative articles rather than solely parroting existing materials or campaigns. You'll have a strongly accretive impact on Cisco's CyberSecurity business as evidenced by pipeline generation and supporting sales of products. You'll actively contribute to talent development, ensuring the principles of improving inclusion and diversity are honoured and promoted. Minimum Qualifications: * Bachelor's or Master's degree in a relevant area, an MBA is preferred * Certifications (CISSP, CRISC, CISA and CISM) an advantage.
* Telco expertise and hands on implementation * 15+ years relevant experience with at least five (5) years as: a CISO, Head of Risk or equivalent in a major organization; Partner or Associate, Principal, or Managing Director in a big 4+1 company or other leading consulting organization; or a combination thereof. * Proven experience and recognized as a thought leader in CyberSecurity in one or more industry verticals such as Financial Services; Service Provider; Manufacturing, Mining, Transportation, Oil and Gas, or Utilities; or Technology. * A proven record of business leadership in a technical domain and experience in transformational or strategic programs, with evidence of where past contributions have a significant impact on business. * Proven track record of C-suite engagement with an extensive personal contact base. * Published author, conference speaker and social media presence. Preferred Skills * Proven experience and recognized as a thought leader in CyberSecurity in Service Provider is highly desired * Proven experience in delivering security solutions, knowing Cisco security solution is a plus.

Posted 1 month ago

3.0 - 7.0 years

7 - 11 Lacs

Kochi

Work from Office

Job Title Security Analyst Role and Responsibilities The Security Analyst is a member of the CISO Regulatory & Compliance Team and will assist in ensuring the associated business units / accounts comply with applicable Conduent and NIS 2 security standards, regulations, and policies. The Security Analyst will be professional, independent, impartial, and fair in all interactions. The security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned Business units' information, applications, and infrastructure. Resource will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organization risk, control gaps and vulnerabilities. This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as pertained to assigned business units. 
Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to:
* IPS/IDS alerts
* change detection (FIM) alerts
* application firewall alerts
* malware alerts
* rogue wireless network alerts
* security system health alerts
* exploit attempt alerts
Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to audits of system security to ensure compliance with:
* Corporate security framework NIS 2, NIST 800-53, ISO 27001/2, PCI-DSS
* emerging country, state, and Federal privacy laws
Primary POC in a vulnerability management program of the account that includes:
* external and internal vulnerability scans of applications and systems
* external and internal penetration tests of applications and systems
* documentation and remediation of identified vulnerabilities and exploits
* routinely monitoring various communication avenues for security vulnerabilities and security patches
* taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments
* making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities
Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement.
Acts as the initial point of contact to facilitate the handling of security audits and client requests.
Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies.
Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned Business units.
Qualifications and Education CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification is a plus. Minimum of Five (3 to 5) Years of experience in IT Security compliance, or Security Auditing is required. 
Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc. Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures. Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls. Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter. Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences. Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP, other common security control frameworks). Experience in PowerPoint, Word, Excel; experience with Visio and MS Project. Communication skills (interpersonal, verbal, presentation, written, email). Experience to write report segments and to participate in presentations. Familiarity with security, workflow, and collaboration tools such as Nessus Tenable, Splunk, SharePoint and ServiceNow (Snow) is a plus. Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally. Preferred Skills Creating and Maintaining NIST 800-53-rev5 based SSP and POAM. Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP, other common security control frameworks).

Posted 1 month ago

1.0 - 4.0 years

3 - 6 Lacs

Hyderabad

Hybrid

Your day at NTT DATA The Risk Analyst is a seasoned subject matter expert, responsible for assessing and managing risks to ensure the security, integrity, and resilience of the organization's operations and services. This role involves identifying potential threats, analyzing vulnerabilities, and providing recommendations to mitigate risks. Through proactive risk assessment and collaboration with cross-functional teams, this role contributes to the organization's efforts to maintain a secure and compliant environment. Key responsibilities: Analyzes risk to business activities and operations. Identifies areas of potential loss or damage for current and proposed business and financial operations, processes, structures and cyber-risk exposure and quantifies impact Implements and evaluates compliance with business and cyber risk-reduction policies, processes and standards. May participate in the development and maintenance of disaster recovery and business continuity plans. Supports organizational processes and programs for mitigation of financial risk, including administration of insurance. May support and administer security and health/safety programs in addition to risk management activities. Performs any other related task as required by management. To thrive in this role, you need to have: Strong understanding of risk assessment methodologies, global regulations, and compliance requirements. Proficiency in data analysis tools and techniques for identifying trends, patterns, and potential risks. Excellent analytical skills and attention to detail. Effective communication skills to convey complex risk concepts to a global audience. Cultural sensitivity and adaptability to work across different regions and time zones Strong problem-solving skills and ability to work collaboratively with cross-functional and global teams. Academic qualifications and certifications: Bachelor's degree or equivalent in Business, Information Security, Risk Management or related field. 
Relevant certifications such as CISM, CRISC, CISSP, CIPP preferred. Required experience: Seasoned years of experience as a Risk Analyst, preferably in a global organization with diverse operations.

Posted 1 month ago

5.0 - 10.0 years

20 - 35 Lacs

Hyderabad

Hybrid

Key Skills: Compliance Strategy, Data privacy, CRISC, CISA, CISM. Roles and Responsibilities: Develop, implement, and maintain cybersecurity policies and procedures in accordance with legal, regulatory, and industry standards such as GDPR, DPDPA, Cert-In, ISO 27001, and NIST. Conduct regular compliance audits and assessments, identifying risks or areas of non-compliance and recommending corrective actions. Provide guidance and training to employees on IT compliance, regulatory mandates, and ethical conduct. Collaborate with IT and cybersecurity teams to establish technical controls to mitigate cyber risks and data breaches. Monitor, investigate, and respond to cybersecurity incidents and breaches, coordinating appropriate remediation efforts. Prepare, submit, and maintain compliance reports for regulatory bodies and internal stakeholders, ensuring accuracy and timeliness. Maintain comprehensive documentation related to audits, risk assessments, compliance activities, and incident response. Experience Requirements: 11 to 17 years of hands-on experience in cybersecurity and IT compliance roles. In-depth understanding of laws, regulatory frameworks, and industry standards governing cybersecurity and data privacy. Strong technical expertise in network security, encryption, access controls, incident response, and cybersecurity best practices. Proven ability to assess compliance risks and implement effective mitigation strategies. Strong collaboration and communication skills with experience working across all levels of an organization. High attention to detail, well-organized, and capable of managing multiple priorities in a fast-paced environment. Strong integrity, ethics, and dedication to upholding compliance standards. Education: B.tech, M.tech, B.com, M.com, MBA, any PG.

Posted 1 month ago

6.0 - 11.0 years

6 - 11 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Skills: AI, API, AWS, Azure, GCP, Go, Java, JavaScript, Cryptography, GraphQL, Palo Alto, Python, Threat, Vulnerability. Bachelor's Degree in Computer Science, Information Systems, Business Administration or other related field. Certification may be required for specific functions. 6-9 years of information security experience. Experience with gathering functional requirements, deployment of information security tools, and data analysis. In-depth experience with desktop software and office automation tools. Experience with information security risk management and process improvement. Preferred Qualifications: Experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE. Experience with application security controls (Web, API, Mobile, AI). Experience with common information security management and application frameworks: NIST 800-53, CSF, OWASP ASVS. Experience with Application Security design and DevSecOps. Full stack knowledge of application architectures including: Single Page Applications, REST APIs, SOAP APIs, Mobile Applications. Experience with Java, JavaScript and mobile application development. Knowledge or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL Databases. Experience with Cloud security, architecture, design, implementation, and operations. Exposure to IAM Controls (OAuth 2.0, OIDC, JWT). Strong familiarity with Cryptography Controls (Data at rest, in motion). CISSP, CISM, CSSLP, CISA, CRISC, OSCP.

Posted 1 month ago

6.0 - 11.0 years

6 - 11 Lacs

Pune

Work from Office

Job ID: 199874 Required Travel: Minimal Managerial - No Location: India - Pune (Amdocs Site) Who are we Amdocs helps those who build the future to make it amazing. With our market-leading portfolio of software products and services, we unlock our customers' innovative potential, empowering them to provide next-generation communication and media experiences for both the individual end user and enterprise customers. Our employees around the globe are here to accelerate service providers' migration to the cloud, enable them to differentiate in the 5G era, and digitalize and automate their operations. Listed on the NASDAQ Global Select Market, Amdocs had revenue of $5.00 billion in fiscal 2024. For more information, visit www.amdocs.com In one sentence We are seeking a highly skilled and experienced Senior Governance, Risk, and Compliance (GRC) Specialist to join our dynamic team. The ideal candidate will have a strong background in GRC, with a proven track record of managing and implementing comprehensive risk management and compliance programs, particularly within the EMEA (Europe, Middle East, and Africa) and IMEA (India, Middle East, and Africa) regions. What will your job look like Develop and maintain governance frameworks, policies, and procedures. Ensure compliance with industry standards, regulations, and contractual obligations. Identify, assess, and prioritize security risks, implementing mitigation strategies. Conduct regular risk assessments, audits, and maintain risk registers. Ensure adherence to GDPR, CRA, and other relevant security regulations. Monitor and enforce security compliance across EMEA and IMEA regions. Develop and deliver compliance training programs for employees. Prepare and present security reports to senior management and stakeholders. Collaborate with internal teams and liaise with external auditors and regulators. Communicate security risks and mitigation strategies effectively to stakeholders. All you need is... 
Bachelor's degree in Business Administration, or a related field. Professional certification (e.g., CISA, CRISC, CISSP) is preferred. Minimum of 6 years of experience in governance, risk management, and compliance. Strong knowledge of relevant laws, regulations, and industry standards, particularly in the EMEA and IMEA regions. Strong understanding of NIST CSF, CIS, ISO 27001, PCI DSS, and Data Protection frameworks. Excellent analytical, problem-solving, and decision-making skills. Strong communication and interpersonal skills, with experience in defending and explaining security risks and mitigations to customers and stakeholders. Ability to work independently and as part of a team. Proficiency in GRC software and tools. Why you will love this job: You will be able to demonstrate an understanding of key business drivers and ensure strategic directions are followed and the organization succeeds. You will be able to gather relevant data, identify trends and root causes, and draw logical conclusions to develop solutions. You will have the ability to assess details, systems and other factors as part of a single and comprehensive picture. We are a dynamic, multi-cultural organization that constantly innovates and empowers our employees to grow. Our people are passionate, daring, and phenomenal teammates that stand by each other with a dedication to creating a diverse, inclusive workplace! We offer a wide range of stellar benefits including health, dental, vision, and life insurance as well as paid time off, sick time, and parental leave. Amdocs is an equal opportunity employer. We welcome applicants from all backgrounds and are committed to fostering a diverse and inclusive workforce.

Posted 1 month ago

11.0 - 18.0 years

20 - 32 Lacs

Bengaluru

Work from Office

Job Title Senior Manager - Cybersecurity and Cyber Defense Center Direct Supervisor VP - Cybersecurity and Cyber Defense Center Job Purpose To develop, manage, and execute cyber security project across Mashreq to Lead and oversee the strategic operations of the Cyber Defense Center (CDC) to ensure effective monitoring, detection, analysis, and response to advanced cybersecurity threats. Develop and implement security strategies, policies, and procedures to manage and mitigate risks across the organization. Guide and mentor the team in using SIEM platforms (Azure Sentinel & ArcSight preferred) and other security solutions to address complex and critical security events. Coordinate with senior leadership and external stakeholders to enhance the organization's security posture and ensure compliance with regulatory requirements. Dimensions Key Result Areas Strategic Security Management: Develop and implement strategies for monitoring and responding to security events from SIEM systems (Azure Sentinel & ArcSight preferred). Analyze and respond to security events from diverse data sources such as firewalls, IDS/IPS, antivirus solutions, DAM systems, web servers, proxies, and banking applications. Advanced Threat and Incident Management: Create and refine alert rules and logic in SIEM to detect significant events and threats. Perform precise, real-time analysis and correlation of logs/alerts from multiple sources. Utilize established policies, standards, and procedures to classify security alerts as incidents and guide incident response efforts. Leadership and Improvement: Improve incident response times and reduce false positives by refining detection capabilities and processes. Assist in the design, implementation, and execution of security awareness programs and risk-based security controls analysis. Update and enhance processes and policies (SOPs, playbooks, runbooks) with a deep understanding of cybersecurity best practices. 
Cross-Functional Collaboration: Collaborate with compliance, audit, and regulatory teams to provide necessary information, data, and evidence. Keep up-to-date with industry knowledge and trends to maintain a high level of security proficiency. Key Principles Strategic Leadership: Provide strategic direction and leadership to the Cyber Defense Center, ensuring alignment with organizational goals and cybersecurity best practices. Enhanced Threat Detection and Response: Drive improvements in threat detection and response capabilities, ensuring accurate identification and swift remediation of security incidents. Continuous Process Improvement: Continuously evaluate and enhance security processes and policies to adapt to evolving threats and improve operational efficiency. Effective Communication and Collaboration: Maintain strong communication with internal teams, senior management, and external stakeholders to ensure effective security management and compliance. Ethical and Professional Standards: Uphold high ethical standards in all security practices, ensuring compliance with regulations and protecting sensitive information. Operating Environment, Framework and Boundaries, Working Relationships Information Security / Cyber Security Regulations and Industry best practices. HO (Head Office) and International Regulators and Supervisors across the bank is operating. All business units including LOD 1-3 including LOD1 – Business, Tech GRC, Technology, LOD-2 Group Compliance, Fraud Prevention, Risk Management and LOD-3 Internal Audit. Problem Solving Proactive and Strategic Problem Solving: Lead proactive monitoring and root cause analysis of security incidents to address underlying issues effectively. Provide strategic guidance during incident response activities for complex security incidents. Log Source Management and Optimization: Oversee the onboarding and integration of new log sources, optimizing data accuracy and enhancing threat detection capabilities. 
Decision Making Authority & Responsibility Evaluation and Innovation: Lead evaluations and Proof of Concept (PoC) for new security solutions and technologies, driving innovation in security practices. Security Metrics and Architecture: Monitor and analyze key security metrics to ensure alignment with security standards and contribute to the development of Security Reference Architecture. Policy and Strategy Development: Guide the creation and refinement of security policies, including scope and control decisions, ensuring alignment with organizational and regulatory requirements. High-Level Collaboration: Collaborate with senior management, vendor personnel, and other teams to achieve security objectives with minimal supervision. Knowledge, Skills, and Experience Educational Background: Graduate/Postgraduate degree in Science, Engineering, or IT. Certifications: Minimum of 2 professional certifications from CISSP, CISM, CRISC, CISA, or equivalent. Experience: Extensive experience in SIEM design and implementation, with a strong background in Cyber Defense Center or Security Operations Center roles. Over 12 years of experience in SOC & CDC, with proven leadership skills and expertise in managing complex security operations. Skills: Proficiency in managing SIEM policies and enhancing security operations. Strong analytical skills for evaluating security requirements and implementing appropriate controls. Excellent documentation and report writing skills. Knowledge of the banking environment is advantageous.

Posted 1 month ago

4.0 - 8.0 years

4 - 8 Lacs

Hyderabad / Secunderabad, Telangana, Telangana, India

On-site

Skills Needed: Ability to analyse an organisation's enterprise information technology architecture. Ability to apply secure network architectures and security controls into proposed solutions. Ability to identify cybersecurity or privacy issues in external or partner connections. Ability to design systems and apply security architecture guidelines across On-Premises and Hybrid Cloud environments. Ability to partner with Infrastructure, Cloud and Application architects to perform user needs analysis and requirements gathering for large-scale projects. Ability to develop a cyber security strategy and input into detail-oriented operational planning including capability development (People, Processes, Technology, Data). Ability to perform Controls Assurance / Attestation and deliver comprehensive risk treatment plans. Technical depth and sound knowledge in networking, cloud, desktop, server, storage, software-defined-networking, virtualization and application domains. Proven communication skills, able to write and verbally communicate complex concepts. Proven collaboration skills and can adapt to changing organization changing business needs, technological advances and agile methodology. Self-starter and shows empathy towards business requirements and able to influence changes to facilitate security. Health Insurance or Health Care Industry experience is a plus. Travel required, approximately 10%. Qualifications: Bachelor's or Master's in Cybersecurity, Computer Science, or Information Security. Qualified candidates will typically have 13+ years of professional IT work experience, with 8+ years of experience in a security design and development role. CISSP, CISM, CCSP, CRISC or similar certifications required. Expertise in encryption, network security, cloud security, application security and endpoint protection. Deep knowledge of security risks, data privacy laws, and fraud prevention techniques relevant to Financial Services, FinTech and Health sectors. 
Experience in data security standards and best practices for Personally Identifiable Information (PII) and Personal Health Information (PHI). Experience and working knowledge of NIST, HIPAA, PCI DSS & ISO 27001 certification is a plus. Strong written and spoken English skills, demonstrated ability to communicate at high levels, both verbally and in reporting. Strong work ethic, high drive and ability to focus. High stamina. Shows optimism and determination when facing challenges. Ability to work successfully with a minimum of supervision in a fast paced and sometimes pressured environment.

Posted 2 months ago

10.0 - 15.0 years

22 - 37 Lacs

Hyderabad

Work from Office

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role As a System Administrator at Kyndryl, you’ll solve complex problems and identify potential future issues across the spectrum of platforms and services. You’ll be at the forefront of new technology and modernization, working with some of our biggest clients – which means some of the biggest in the world. There’s never a typical day as a System Administrator at Kyndryl, because no two projects are alike. You’ll be managing systems data for clients and providing day-to-day solutions and security compliance. You’ll oversee a queue of assignments and work directly with technicians, prioritizing tickets to deliver the best solutions to our clients. One of the benefits of Kyndryl is that we work with clients in a variety of industries, from banking to retail. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. You’ll also get the chance to share your expertise by recommending modernization options, identifying new business opportunities, and cultivating relationships with other teams and stakeholders. Does the work get challenging at times? Yes! But you’ll collaborate with a diverse group of talented people and gain invaluable management and organizational skills, which will come in handy as you move forward in your career. Your future at Kyndryl Every position at Kyndryl offers a way forward to grow your career, from Junior System Administrator to Architect. 
We have opportunities for Cloud Hyperscalers that you won’t find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms. One of the benefits of Kyndryl is that we work with clients in a variety of industries, from banking to retail. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. Who You Are You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others.
Required Technical and Professional Expertise
• 7+ years of hands-on experience in various security and IAM functions (AD, IAM, PAM, etc.)
• 5+ years of experience in project delivery
• Extensive practical experience with AD/Azure IAM functions e.g. groups, access policies
• Some hands-on experience in PAM/IAM tools as well as user lifecycle management
• Project experience in proactively identifying, tracking and closing risks and issues
• Comfortable in delivering multiple workstreams accurately and within timelines
• Familiarity with Zero Trust principles relating to the Identity pillar
• Strong analytical skills with high attention to detail and accuracy
• Risk management, tracking, and resolution cross functionally (e.g. Infrastructure, Cloud, Data)
• Organize, prioritize and track project and operational activities on a day-to-day basis
• Exceptional verbal and written communication skills at all levels of the organization
• Working knowledge of large IT organization operations including change management
• Hands-on ability to work with AD/Azure and underlying technologies (e.g. MS Windows servers)
• Implementation level knowledge of IAM principles: PAM, SSO, SOD, RBAC, Least Privilege, etc
• Established ability to interface with architecture in creation of connection kits and patterns
• Ability to generate reports (e.g. PowerShell) and perform analysis (e.g. Excel and PowerPoint)
• Exceptional analytical abilities, providing IAM lifecycle and risk context to recommendations
• Produce and update procedural documents to ensure IAM program success/business continuity
• Knowledge of local, cloud and hybrid Directory Service architectures
• Experience supporting security administration, operations, or security architecture
• Proven clarity in documenting complex problems at senior management level
Preferred Technical and Professional Experience
• Microsoft certifications on AD/Entra (preferred)
• IAM product specific certifications such as Delinea, or SailPoint
• Certifications in Information Security such as CIAM, CIMP, CIST, CISSP, CISM, CRISC, CC
Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handedly: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. 
Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.

Posted 2 months ago

10.0 - 20.0 years

10 - 20 Lacs

Bengaluru

Remote

Job Description: IT GRC Analyst I Department: Information Technology Reports To: Senior IT GRC Analyst Location: 100% Remote Experience: 10+ Years Job Summary: We are seeking a dedicated IT GRC (Governance, Risk, and Compliance) Analyst I to join our dynamic IT team. The primary responsibility of this entry-level role is to assist in ensuring that IT operations are in compliance with regulatory requirements and internal policies, with a particular emphasis on supporting Sarbanes-Oxley (SOX) audits. The IT GRC Analyst I will support risk assessments, policy development, compliance monitoring activities, and SOX audit preparations. Key Responsibilities: Assist in the development, implementation, and maintenance of IT policies and procedures. Conduct regular risk assessments and audits to ensure compliance with regulatory standards and internal policies, with a focus on SOX controls. Support the IT team in identifying, evaluating, and mitigating IT risks. Monitor compliance with security policies and procedures to ensure a secure environment. Collaborate with different departments to ensure integrated risk management practices. Assist in preparing and executing SOX IT control reviews, documenting compliance efforts, and maintaining records of SOX controls. Provide support in responding to internal and external SOX audits and regulatory assessments. Recommend improvements to SOX controls and processes to enhance the overall security posture. Maintain up-to-date documentation of IT GRC activities, compliance reports, and SOX audit evidence. Qualifications: Bachelor's degree in Information Technology, Computer Science, or a related field. Basic understanding of IT GRC principles, regulatory requirements, risk management frameworks, and SOX compliance. Strong analytical and problem-solving skills. Excellent written and verbal communication skills. Ability to work collaboratively in a team environment. 
Basic knowledge of security standards (e.g., ISO 27001, NIST, GDPR, HIPAA) and SOX compliance requirements is a plus. Relevant certifications (e.g., CISA, CRISC, CISSP) are desirable but not required for entry-level applicants. Experience: Entry level; 0-2 years of experience in IT risk management, compliance, or a related field, preferably with exposure to SOX compliance activities.

Posted 2 months ago

7.0 - 12.0 years

9 - 14 Lacs

Varanasi, Mumbai

Work from Office

The ideal candidate should be responsible for security analysis by connecting the loose ends using security information from various tools and processes to improve the cyber processes and for protecting the Bank from cyber-attacks. To manage Cybersecurity Incident response within the Bank. To manage Red/Blue Team exercises, VAPT of Applications and Infrastructure, review the reports and ensure closure. Creation/Review of Information Systems Security Policies and procedures. Periodic Review of security tools and processes like Firewall / IDS & IPS / WAF / DAM logs / PIM logs / System logs. To understand, implement, monitor and review of various regulatory/compliance frameworks like ISO 27001, PCI DSS, etc., on need basis. To ensure compliance with various Cybersecurity controls as per the regulatory framework. Vendor management periodic MIS & SLA reviews, payments & penalties, renewal of support contracts and licenses in timely manner. recognized university. Desirable: Certifications like: CISM / CISSP / CISA / CRISC / ISO 27001:2013 / PCI DSS / CEH / OSCP / etc. 8+ years of Experience. Knowledge of RBI Guidelines on IS/Cybersecurity. Prior experience in IT Governance, Policy & procedures, Application security assessment / VAPT (preferably Hands On).

Posted 2 months ago


10.0 - 20.0 years

15 - 25 Lacs

Pune

Work from Office

Information Security Risk Analyst - TDI CSO The Technology Data Innovation (TDI) Chief Security Office (CSO) comprises both Corporate Security and Information Security. We run security operations globally to protect the bank's people, infrastructure, processes, and information. CSO Governance and Control conducts proactive Information Security (IS) controls assessability and applicability reviews for the emerging technologies to design adaptable IS assessment framework to appropriately assess the security requirement for relevant applications and infrastructures. The role holder would mainly be working on assessments and remediation across the globe to ensure that the Information Security requirements for various assets within the Bank are safeguarded and mitigated from any potential risks which can include - Reputational, Financial & Regulatory. Your key responsibilities: Display strong knowledge of Information Security as this is an SME role for reviewing Risk & Control Assessments as per IS policy and ISO 27001. Work with governance, risk, and compliance (GRC) tools such as ServiceNow, should be familiar with national and international regulatory frameworks like NIST, ISO, SOX, EU DPD, PCI DSS, and GDPR and additional knowledge on Regulatory requirements/controls like MAS, CAM and PSDII to support stakeholder requirement. Display strong knowledge and understanding of Information security controls (ISO) and mitigation/remediation solutions. SME Knowledge on the BAU activities and have mentality to contribute for the daily BAU task as and when required. Take the responsibility/ownership to cover the portfolio end to end. Collaborate with process owners, internal auditors, external auditors, and other stakeholders to assist in reviewing, monitoring, and resolving findings. Ability to successfully manage third-party audits, compile evidence, and organize audit responses.
Manage scope of deliverables and expectations and ensure clear and concise communication to onshore team members and other stakeholders. Provide process improvement inputs to various stakeholders. Build strong relationships with various stakeholders, including but not limited to: Portfolio Owners, Divisional ISOs, Business owners, Application & Technology owners, Risk Managers to complete Information Security Risk & Control Assessments and Remediation management. Design strategic programs and solutions to implement effective information security objectives throughout the organization. Proactively seek ways to improve upon existing practices and processes. Display insight and ability in identifying issues and develop successful solutions. Communicates openly with management and the internal stakeholders; keeps them informed of potential risk and escalate problems/delays accordingly to avoid / minimize the impact. Work with multiple, distributed teams (across different locations) Develop key operational procedures and policies where necessary and ensure adherence to all such defined policies. Represent the process in other forums, provide inputs for the monthly and quarterly dashboards with performance and with any challenges faced or suggestions to improve the quality. Proactively develop and maintain professional consultative working relationships with the CSO function, stakeholders and respective support areas and will use a range of approaches to collect relevant information to assess key risks. Your skills and experience: Significant work experience in the Information Technology / Information Security area Proven capabilities / competencies in mitigating the Information Security / Application Governance / IT Control etc. Clear understanding of the relationship between IS risk and how this applies to business processes. Professional / industry recognized certifications (e.g., CISA, CISM, CRISC etc.) 
are highly beneficial to cover a broad range of Information Security areas where relationship with the business or IT is required. Strong understanding of service delivery and relationship management Project management, Agile methodology, analytical and practical problem-solving skills. Ability to monitor, track and clearly communicate progress, escalate issues when appropriate. Good understanding of data and skillset to produce effective reports using Excel, Macro, or other reporting tools. Experience with data visualization tools like Tableau, Power BI, etc., Proficiency in Data Analytics Skills in Python, added advantage to languages such as SQL for data manipulation and analysis. Ability to understand the latest cybersecurity threats, attack vectors, attack techniques and emerging trends through threat intelligence sources and communities. Experience in global teams across different time zones and within a matrix environment. Professional and strong verbal and written communication skills and the ability to communicate on all hierarchy levels. Self-driven, eager to learn and well-organized team player.

Posted 2 months ago


2.0 - 7.0 years

4 - 6 Lacs

Hyderabad

Hybrid

Experience: Minimum of 2-4 years of experience in third-party risk management, information security, or audit programs. Experience with Venminder and other TPRM platforms. Preferred certifications include CISSP, CRISC, CISM, CISA, CTPRP, ISO, SSAE Degree in Management, Finance, Business, Computer Science, Information Systems, or a related field. Skills: Knowledge of industry regulations and compliance standards. Ability to conduct thorough risk assessments and develop mitigation strategies. Strong attention to detail and organizational skills. Strong data entry skills. Excellent communication, customer service and interpersonal abilities. Will be interacting with many areas of the business as well as Senior stakeholders. Proficiency in TPRM Platforms, Microsoft Office Suite and/or other systems. Ability to work independently and collaboratively in a team environment. Ability to work quickly and effectively under pressure and time constraints. Strong English communication skills (written and spoken) with ability to explain issues and remedies.

Posted 2 months ago


4.0 - 8.0 years

9 - 14 Lacs

Hyderabad

Work from Office

Cyber Security Senior Advisor (A) - HIH - Evernorth About Evernorth: Evernorth Health Services, a division of The Cigna Group (NYSE: CI), creates pharmacy, care, and benefits solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention, and treatment of illness and disease more accessible to millions of people. Cyber Security Senior Advisor Job Objective: The Information Protection Senior Advisor is responsible for conducting research, conceptualizing, designing, developing, and testing secure technology systems, including on perimeter and cloud-based networks to support Cigna's Information Protection Middle East and Africa (MEA) team. This role directly supports the MEA Portfolio covering 34x operational entities across 22x countries ensuring that security requirements are adequately addressed safeguarding the protection of sensitive policyholder data, claims information, and financial transactions. Reporting to the Head of Cyber Security Middle East & Africa, you will develop and enforce security strategies that mitigate cyber threats, protect against fraud, and ensure business continuity in a highly regulated health insurance environment.
You will be required to design, implement, and oversee the security infrastructure for our business platforms in accordance with Cigna Information Protection (CIP) security architecture framework. In this role, you will work closely with CIP Architecture and Engineering, Risk Management, and Compliance teams to build secure architectures that align with internal and regulatory requirements such as SAMA CSF (KSA), ADHICS (UAE), GDPR, HIPAA, and PCI DSS. 13-16 years of experience in a Cyber Security Design and Development role. Partners with the CIP MEA leadership team to develop a regional strategy and operational plan to deliver CIP shared services to the business. Perform security reviews using CIP or Industry standards (NIST, ISO etc) to identify gaps in security architecture and controls as part of a MEA cybersecurity risk management plan. Develop and Integrate cybersecurity designs for systems and networks that require processing of multiple data classification levels. Determine if systems and architecture are consistent with CIP's Secure Baselines and Global Security Architecture Requirements. Ensure secure third-party vendor integrations (e.g., Fronting Partners, Third Party Administrators, regulatory entities, payment processors and healthcare providers). Advise on security requirements to be included in statements of work for Cigna or JV partners procuring new technology services. Determine and Document the impact of new system and interface implementations on the cybersecurity posture of Cigna or a JV partner. Partners with the business to evaluate and translate functional requirements and integrating security policies into technical solutions. Performs comprehensive technology research to evaluate potential solutions across cyberspace systems relevant for the MEA region including Joint Venture (JV) partners. Performs focused risks assessments of existing or new services and technologies, security architecture, identifies design gaps, risks, and recommends enhancements. Maintains strong working relationships with individuals and groups involved in managing security architecture engineering and technology risks across the organization. Stays abreast of current and emerging security threats and designs security architectures to mitigate them.
Skills Needed: Ability to analyse an organisation's enterprise information technology architecture. Ability to apply secure network architectures and security controls into proposed solutions. Ability to identify cybersecurity or privacy issues in external or partner connections. Ability to design systems and apply security architecture guidelines across On-Premises and Hybrid Cloud environments. Ability to partner with Infrastructure, Cloud and Application architects to perform user needs analysis and requirements gathering for large-scale projects. Ability to develop a cyber security strategy and input into detail-oriented operational planning including capability development (People, Processes, Technology, Data). Ability to perform Controls Assurance / Attestation and deliver comprehensive risk treatment plans. Technical depth and sound knowledge in networking, cloud, desktop, server, storage, software-defined-networking, virtualization and application domains. Proven communication skills, able to write and verbally communicate complex concepts. Proven collaboration skills and can adapt to changing organization changing business needs, technological advances and agile methodology. Self-starter and shows empathy towards business requirements and able to influence changes to facilitate security. Health Insurance or Health Care Industry experience is a plus. Travel required, approximately 10%.
Qualifications: Bachelor's or Master's in Cybersecurity, Computer Science, or Information Security. Qualified candidates will typically have 13+ years of professional IT work experience, with 8+ years of experience in a security design and development role. CISSP, CISM, CCSP, CRISC or similar certifications required. Expertise in encryption, network security, cloud security, application security and endpoint protection. Deep knowledge of security risks, data privacy laws, and fraud prevention techniques relevant to Financial Services, FinTech and Health sectors. Experience in data security standards and best practices for Personally Identifiable Information (PII) and Personal Health Information (PHI). Experience and working knowledge of NIST, HIPAA, PCI DSS & ISO 27001 certification is a plus. Strong written and spoken English skills, demonstrated ability to communicate at high levels, both verbally and in reporting. Strong work ethic, high drive and ability to focus. High stamina. Shows optimism and determination when facing challenges. Ability to work successfully with a minimum of supervision in a fast paced and sometimes pressured environment. About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

Posted 2 months ago


6.0 - 9.0 years

17 - 18 Lacs

Bengaluru

Hybrid

Hi all, We are hiring for the role Information Security Risk Specialist Experience: 6 - 9 Years Location: Bangalore Notice Period: Immediate - 15 Days Skills: Experience: • 5+ years of experience in information security, risk management, or related domains. Skills and Competencies: • Comprehensive understanding of frameworks such as ISO 27001, NIST Cybersecurity Framework, COSO, and COBIT. • Proven analytical expertise in evaluating and prioritizing risks effectively. • Advanced proficiency in utilizing security tools for risk assessment and mitigation. • Strong preference for candidates with certifications like CISSP, CISM, CRISC, or equivalent. • Exceptional communication and presentation skills, with a proven ability to collaborate effectively across diverse teams. • Demonstrated problem-solving capabilities, including critical thinking and informed decision-making under pressure. • Skilled in leading security initiatives and managing projects across global teams. • A strategic mindset paired with keen attention to detail. • Resourceful and decisive under high-pressure situations. • An effective team player with exceptional interpersonal and collaboration skills. Qualifications: Education: • Bachelor's degree in Information Security, Cyber Security, Computer Science, Information Science, or a related field. • Advanced degrees (e.g., Master's) or certifications (e.g., CISSP, CRISC, CISM, CEH) are a plus. If you are interested drop your resume at mojesh.p@acesoftlabs.com Call: 9701971793

Posted 2 months ago


3.0 - 7.0 years

7 - 11 Lacs

Kochi

Work from Office

Job Title Security Analyst Role and Responsibilities The Security Analyst is a member of the CISO Regulatory & Compliance Team and will assist in ensuring the associated business units / accounts comply with applicable Conduent and NIS 2 security standards, regulations, and policies. The Security Analyst will be professional, independent, impartial, and fair in all interactions. The security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned Business units' information, applications, and infrastructure. Resource will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organization risk, control gaps and vulnerabilities. This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as pertained to assigned business units.
Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to IPS/IDS alerts; change detection (FIM) alerts application firewall alerts; malware alerts rogue wireless network alerts security system health alerts; exploit attempt alerts Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to audits of system security to ensure compliance with Corporate security framework NIS 2, NIST 800-53, ISO 27001/2, PCI-DSS emerging country, state, and Federal privacy laws Primary POC in a vulnerability management program of the account that includes external and internal vulnerability scans of applications and systems external and internal penetration tests of applications and systems documentation and remediation of identified vulnerabilities and exploits routinely monitoring various communication avenues for security vulnerabilities and security patches taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement Acts as the initial point of contact to facilitate the handling of security audits and client requests Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned Business units Qualifications and Education Requirements CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification is a plus. 
Minimum of Five (3 to 5) Years of experience in IT Security compliance, or Security Auditing is required. Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc. Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls. Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter. Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences. Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks). Experience in PowerPoint, Word, Excel; experience with Visio and MS Project. Communication skills (interpersonal, verbal, presentation written, email). Experience to write report segments and to participate in presentations. Familiarity with security, workflow, and collaboration tools such Nessus Tenable, Splunk, SharePoint and ServiceNow (Snow) is a plus Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally Preferred Skills Creating and Maintaining NIST 800-53-rev5 based SSP and POAM Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks). 
Conduent is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, gender expression, sex/gender, marital status, sexual orientation, physical or mental disability, medical condition, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. People with disabilities who need a reasonable accommodation to apply for or compete for employment with Conduent may request such accommodation(s) by submitting their request through a form that must be downloaded. Complete the form and then email it as an attachment to FTADAAA@conduent.com. At Conduent we value the health and safety of our associates, their families and our community. For US applicants while we DO NOT require vaccination for most of our jobs, we DO require that you provide us with your vaccination status, where legally permissible. Providing this information is a requirement of your employment at Conduent.

Posted 2 months ago
