793 Grc Jobs - Page 6

Project Role : Security Delivery Lead Project Role Description : Leads the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets). Must have skills : Network Security Implementation Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Delivery Lead, you will be at the forefront of implementing and delivering Security Services projects. Your typical day will involve coordinating with various teams to ensure that projects are executed efficiently, utilizing our global delivery capabilities, including methods, tools, training, and assets. You will engage with stakeholders to align project goals and deliverables, ensuring that security measures are effectively integrated into the overall project framework. Your leadership will guide the team in navigating challenges and achieving project milestones, fostering a collaborative environment that emphasizes security best practices and continuous improvement. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team skills and knowledge in security practices.- Monitor project progress and implement corrective actions as necessary to meet deadlines. Professional & Technical Skills: - Must To Have Skills: Proficiency in Network Security Implementation.- Strong understanding of firewall configurations and management.- Experience with intrusion detection and prevention systems.- Knowledge of security protocols and standards such as ISO 27001 and NIST.- Familiarity with risk assessment methodologies and vulnerability management. Additional Information:- The candidate should have minimum 7.5 years of experience in Network Security Implementation.- This position is based at our Mumbai office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : ServiceNow Governance, Risk, and Compliance (GRC) Good to have skills : Security Architecture DesignMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct regular assessments of cloud security measures to ensure they align with business objectives.- Collaborate with cross-functional teams to integrate security practices into the development lifecycle. Professional & Technical Skills: - Must To Have Skills: Proficiency in ServiceNow Governance, Risk, and Compliance (GRC).- Good To Have Skills: Experience with Security Architecture Design.- Strong understanding of risk management frameworks and compliance standards.- Experience in implementing security controls and monitoring solutions.- Familiarity with cloud service models and their security implications. Additional Information:- The candidate should have minimum 3 years of experience in ServiceNow Governance, Risk, and Compliance (GRC).- This position is based at our Pune office.- A 15 years full time education is required. Qualification 15 years full time education

Role & responsibilities : The Service-now Consultant is responsible for developing technical solutions on the ServiceNow platform to satisfy the business needs of the IT department and beyond. Development of ITSM & other modules (GRC, SECOPS, HRSD, CSM, ITBM) in ServiceNow Platform. Always follow best development practices during support and development. Support other developers in their work to integrate existing systems with Service Now. Strong hands-on ServiceNow experience (either support or development). Creating technical design document and writing Unit test cases. Knowledge in Web Technologies (XML, HTML,JAVA Script, etc.) Will be essential. ServiceNow upgrade hands-on. Very good knowledge of the ITSM/GRC/SECOPS/HRSD/CSM/ITBM process. Exceptional Interpersonal Skills & Ability to work Independently and with a team. Ability to work in second shift in India when required Preferred candidate profile Candidate should have the ability to perform in a dynamically changing environment Should have prior working experience in ServiceNow tool Service Now Integration to various solutions (SaaS, External Apps) using REST API / webservice / JSON / ServiceNow Scripting. Ability to work under pressure and handle crunched timelines Excellent verbal/written communication, collaboration, analytical and presentation skills to lead an environment driven by customer service and teamwork

We are hiring a ServiceNow Developer with 7-9 years of experience to work on DORA and EIR-related initiatives This 6-month full-time onsite role (locations include Pune, Bangalore, Hyderabad, Noida, and Delhi NCR) requires hands-on experience with GRC/IRM modules, platform customization, integration, and workflow automation The ideal candidate should hold ServiceNow certifications including CSA and CAD Strong problem-solving ability, team collaboration, and experience in delivering enterprise-level risk and compliance solutions are essential Location - Pune (Onsite), Bangalore, Hyderabad, Noida (Onsite), Delhi NCR

Role & responsibilities 1. Manage VM Program. Ensure all IT assets are covered under VM. Ensure VM tasks are carried out as per schedule. Consolidation, tracking and closure of reported vulnerabilities. Preparing reports and trackers. 2. Manage Compliance & Regulatory activities. User Access Management Support and manage IT audits Other related activities. 3. Manage BAU/operational tasks. Incident Management (detect, respond and resolve) reported through various mediums. Review/assessment of security requirements from business, IT teams & other peer functions. Drive security initiatives/Projects & implementation Ensure Calendar activities are completed in timely basis Compliance to Regulatory Guidelines Risk Assessment of all Security Controls Annually Drive third party Assessments Review Security Architecture and Change Approvals Review Approvals for Security Exceptions Governance of all the Audit and IRDAI open points Manage SOC operations and Compliance with monitoring Ensure compliance to all the Security Controls implemented Preferred candidate profile Location: Thane Competencies Subject knowledge & expertise on information, cyber & data security domains. Good understanding of evolving technologies. Practical/hands-on experience on managing security projects. Understanding the business landscape and security applicability Coordinating with all the global stakeholders for security tools implementation and compliance Handle security projects. Governance of all the security projects BAU Risk assessment as per IRDAI Guidelines Governance of all Outsourced work

We are seeking a dedicated and meticulous Data Privacy & GRC Analyst with 12 years of experience to contribute to our data protection, governance, risk, and compliance initiatives. Your role will involve aiding in the establishment of privacy and GRC frameworks, ensuring adherence to regulations such as GDPR and CCPA, and supporting risk evaluations and internal audits. This position presents a valuable opportunity to advance your career in privacy, risk, and compliance, collaborating closely with seasoned privacy experts and cross-functional teams. Your responsibilities will include assisting in the deployment and supervision of data privacy policies and compliance schemes, backing privacy impact assessments (PIAs/DPIAs) and vendor risk evaluations, managing documentation like Records of Processing Activities (RoPA), staying abreast of regulatory changes, and aiding in policy enhancements. Additionally, you will play a role in addressing Data Subject Access Requests (DSARs), participating in internal audits and compliance assessments related to privacy and risk controls, crafting and delivering privacy training and internal communications, and engaging with Legal, IT, Security, and HR teams on privacy-related issues. Qualifications: - A Bachelor's degree in Law, Computer Science, Information Systems, Business, or a related field. - Minimum of 12 years of experience in a privacy, GRC, compliance, or IT security support capacity. - Fundamental knowledge of data protection regulations such as GDPR and CCPA. - Familiarity with data mapping, classification, and third-party risk principles. - Exceptional attention to detail, effective communication abilities, and a proactive learning attitude. Preferred Skills: - Exposure to GRC tools like OneTrust, TrustArc, or ServiceNow GRC. - Familiarity with privacy frameworks or security standards such as ISO 27001 and NIST. - Certifications like IAPP CIPP/E, CIPM, or ISO 27001 Foundation would be advantageous.,

7-8 Yrs Exp in Servicenow (Mandate) Good Exp End-to-end ServiceNow platform (Ideal) Good Exp - ITSM, ITAM, CMDB GRC–Implementation on Plng Merging with SAP Build Automation Capabilities with ServiceNow & deployments. API Mgt ServiceNow Virtual Agent. Required Candidate profile 7-8 Yrs Exp in Servicenow (Mandate) Good Exp End-to-end ServiceNow platform (Ideal) Notice Period - Immediate / Max 30 Days

Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way youd like, where youll be supported and inspired by a collaborative community of colleagues around the world, and where you ll be able to reimagine what s possible. Join us and help the world s leading organizations unlock the value of technology and build a more sustainable, more inclusive world. Your Role Implement role-based access control (RBAC) and analytic privileges Secure data models (Calculation Views, CDS Views) Integrate HANA with IAS/IPS for identity and access management Monitor user activity, audit logs, and enforce security policies Configure encryption, SSL, and secure connections Your Profile 6 -12 years in SAP HANA security administration Strong knowledge of HANA DB privileges (object, system, analytic) Experience with HANA Cockpit, Studio, and Web IDE Familiar with XS Advanced (XSA) and HANA Cloud security Skilled in identity federation, SAML, OAuth, and data masking What you"ll love about working with us: Flexible work optionHybrid Competitive salary and benefits package Career growth with SAP and cloud certifications Inclusive and collaborative work environment

Job Title: GRC Analyst Location: Tiruchirappalli (Onsite) Shift Timing: Night shift Qualification: Bachelors degree in Information Technology or a related field Certifications (Preferred): CISSP, CRISC, or other relevant Information Security certifications Job Summary: We are seeking a detail-oriented and experienced GRC Analyst to assess and prioritize information security risks, ensure compliance with regulatory requirements, and implement information security policies and standards across the organization. The ideal candidate will play a pivotal role in preparing the organization for audits and certifications, leading internal assessments, and supporting the Information Security Management System (ISMS). Key Roles & Responsibilities: Assess and prioritize information security and cybersecurity risks across the organization. Ensure compliance with regulatory standards and internal information security policies. Develop and report on key information security and compliance metrics. Act as Lead Implementer and Internal Auditor for ISMS and other security frameworks. Implement ISO policies and procedures throughout the organization. Manage client compliance and security assessments. Handle implementation and audits for standards including: ISO/IEC 27001:2013 & 27001:2022 SOC 1 Type 2 & SOC 2 Type 2 Prepare audit reports and audit plans; lead meetings and drive readiness for ISO certification. Conduct regular internal audits on ISMS, track non-conformities (NCs), and ensure timely closures. Deliver information security awareness training and incident prevention programs. Review and interpret Vulnerability Assessment & Penetration Testing (VAPT) reports. Evaluate and document Business Continuity Plan (BCP) test results. Coordinate with stakeholders during internal and external audits. Participate in projects with information security requirements. Conduct monthly assessments of employee compliance with security policies. Demonstrate hands-on experience with external audit processes and interactions.

Overview This role is responsible for coordinate resources, solve technical requirements, evaluate risks and scope of SAP improvements, upgrades and implementations for Global PGT and individual PGT and deploy technological solutions according Pepsicos SAP/IT best practices and compliance. This role is also responsible for assessing functional requirements, guide the group as per Application Security guidelines and Compliance standard methodologies, and ensure transparent security design. Provides subject matter expertise (SME) in solutioning and implementing SAP access management requirements. This role severs as the leader for cyber security governance, engineering, and reporting for PGT. This role is also the liaison with Information Security. Additionally, this roles objective is to successfully deliver security upfront across all PGT deployments while ensuring consistency in approach and providing visibility through communication and alignment with key stakeholders. Responsibilities Point Person for PGT SAP implementations with the leaders, functional team and business unit. Provide project progress information to functional and business Directors and Managers Minimize SoD critical risk during implementations and guide during each phase to achieve the SAP security governance and controls. Work closely with controls team (IT, configurable and internal control) and continue supporting the best practices Communicate with governance team in order to implement local and global best practices. Coordinate SAP Security implementations during the lifecycle of the projects. Consolidate and support PGT implementations regarding SAP Security best practices. Introduce delivery automation processes , Actively participate in the Continuous Process Improvement initiatives by striving to look for possible efficiencies, scalability and / or cost reduction opportunities. Work with limited supervision and exhibit a solid sense of urgency Actively participate in the Continuous Process Improvement initiatives by striving to look for possible efficiencies, scalability and / or cost reduction opportunities Facilitates internal and external audits as requested Always ensure Data Protection by leveraging Data Masking and Data Scrambling techniques Responsible for Leadership reporting on various Information Security metrics across Tech Strategy and Enterprise Solutions teams Collaborate with Information Security organization to ensure remediation of security vulnerabilities to ensure security health index is maintained as intended Manage and provide status updates on security assessments, vulnerability remediation, and exceptions Provide Security Engineering Expertise for PGT program Provide regular updates to Information Security Leadership on PGT status and risks and issues Qualifications Bachelors degree in computer science (or equivalent) is required

Overview The Information Security Assessment Lead is responsible for safeguarding PepsiCo's digital assets by assessing the cyber risk and compliance of new and changing systems against information security requirements and managing risks associated with IT and Information Security systems throughout the project lifecycle. The ISA Lead will collaborate with various security teams and businesses to facilitate compliance with Information Security standards, provide technical guidance for key strategic initiatives, and drive the secure delivery of technology solutions within PepsiCo. The role heavily focuses on security risk-based assessments, and data-driven decision-making and automation. Responsibilities Security Design ExpertiseProven track record in assessing security designs, including data flow diagrams, architectural blueprints, low-level designs, networking diagrams, authentication mechanisms, and authorization schemes. Must demonstrate experience in aligning these designs with industry standards such as NIST 800-53, ISO 27002, CIS, and OWASP to ensure robust security postures. Skilled at identifying potential security gaps and implementing best practices to fortify system architectures against emerging threats. Familiarity with the latest security tools and technologies, as well as experience in integrating security measures into complex IT environments, is essential. Compliance AssessmentAssess new and changing application designs and requirements to ensure compliance with PepsiCo information security standards. Risk CommunicationIdentify, quantify, and communicate technology risks impacting the business, recommending resolutions and identifying root causes. Explain scan results (infrastructure, applications, databases) and pen testing results to stakeholders. Threat ModelingUtilize expert knowledge in threat modeling techniques and methodologies to proactively identify, assess, and prioritize security risks, enabling the organization to implement targeted mitigation strategies and maintain a robust information security posture. Project Lifecycle ReviewsReview IT and Information Security systems throughout the project lifecycle, identifying risks and security requirements, and recommending paths to eliminate identified risks and implement compensating controls. Automated Risk AssessmentsConduct risk-based assessments using automated tools and techniques to prioritize and address security risks. Collaboration and EducationCollaborate with various IT and Business teams to ensure they are knowledgeable about Information Security processes and requirements, influencing them to eliminate or reduce risks. ServiceNow UtilizationExperience using ServiceNow to gather necessary information and data, automating security assessment processes to enhance efficiency and effectiveness. Metrics Management and ReportingManage operational metrics related to the ISA and GRC processes, utilizing Power BI for advanced reporting, tracking project progress, and developing corrective action plans. Process Improvement and Proactive SecurityGovern Information Security services from the ISA, tracking process metrics, identifying issues, and driving process improvement initiatives. Stay updated with threat intelligence, leverage Azure and cloud security knowledge, and implement Agile and DevSecOps methodologies to integrate security into the development process. Qualifications A minimum of 8 years of experience in Information Security, IT Risk Management, or a similar role. Mandatory Technical Skills: In-depth technical experience and knowledge of infrastructure technologies, networks, web, computing, cloud services, manufacturing equipment, mobile devices, and information (cyber) security. Strong understanding of information security frameworks, regulations, and standards such as NIST 800-53, CIS, and ISO 27002. Proficient in ServiceNow, with the ability to leverage its modules for information gathering, data analysis, and automation of the ISA service. Experience in threat modeling and applying threat modeling methodologies in previous roles. Proficient in Power BI for developing reports and dashboards to support data-driven decision-making. Strong skills in developing ad hoc reports and managing metrics. Knowledge of Azure and general cloud security principles. Ability to read and explain scan (infrastructure, applications, databases) and pen testing results to technical and non-technical stakeholders, guiding them on risk and vulnerability remediation. Mandatory Non-Technical Skills: Proficient in influencing and educating stakeholders on security best practices and policies, ensuring understanding and adherence to security standards. Established a reputation as a trusted adviser, providing expert guidance on information security matters. Strong presence to represent PepsiCo Information Security in complex situations with business and IT partners. Ability to collaborate with various stakeholders, including business units and product managers.

The Global Information Security (GIS) Technology Risk Management Analyst will work with peers in Global Information Security (GIS) and across the Technology Division to ensure that third party technology risks are properly identified, assessed, monitored, and communicated in support of the overall Third Party Risk Management (TPRM) program. The Analyst will assist with the continuous improvement and daily operation of the GIS Third Party Risk Management (GIS TPRM) program. Responsibilities Include: Work with peers to identify and assess Information Security risks Conduct risk assessments using CME Groups established GIS Third Party Risk Management assessment process Collaboratively author and edit various assessment related documents including Deficiencies Observed, Summary of Work, Risk Advisory Memos, exceptions from GIS technical policies and standards, and other related output resulting from risk adjudication activities Participate in and contribute to various working groups across the Technology Division, including, but not limited to, Third Party Risk Management working group, Governance, Risk Management, and Compliance (GRC) working group, etc. Assist the GIS TPRM function with: Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly manage third party technology risks Providing advisory and consulting services to the Information Technology Management Team related to InfoSec risks, treatment strategies, and decision-making Assist in the preparation of management reports, presentations, metrics, and other documentation required to support governance functions Assist in compiling and delivering business and operational metrics at regular intervals Promoting a culture of risk awareness and accountability through training, education, and risk management consultative support Problem Solving: Objectively assess the impact, likelihood, and velocity of identified risks Objectively advise on any number of controls that will mitigate risk while not imposing undue burden on those who must implement the controls Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers Rapidly analyze complex technical details Synthesize detailed analysis into a big picture view that can be easily understood by non-technical stakeholders in order to support risk-based decision-making for senior managers within the company Decision Making: Recommend risk treatment decisions Recommend remediation actions when risk mitigation is desired Recommend improvements to methods, instrumentation, training, documentation, and processes Recommend solutions for automating and streamlining GIS TPRM risk management practices Working Relationships: Interacts with peers across all elements of the Technology Division Communicate regularly with cross-functional peers outside of the Technology Division, including Legal, Information Governance, Global Operations, Global Assurance (Internal Audit), Enterprise Risk Management, Third Party Risk Management, and other business unit leadership Interact occasionally with industry peers from other Systemically Important Financial MarketUtilities(SIFMUs),research organizations, solution providers, etc. Required Experience: Bachelors Degree or equivalent experience Minimum of 1 to 3 years of relevant experience in publicly traded companies or finance/technology industry operations with third party risk management experience a plus Experience in at least two of the following: InfoSec (Operations, Program Management, Governance, Risk Management, etc.), Enterprise Architecture, Identity & Access Management, Application Development, Infrastructure & Operations, IT Compliance, or Internal Audit Experience working with industry based information security and / or control frameworks (NIST Cyber Security Framework, ISO 27002, COBIT, etc.) Demonstrable knowledge of a broad range of InfoSec technologies and practices Demonstrable, impeccable writing skills for technical, management, and executive audiences Additional preferred experience: Demonstrable knowledge of InfoSec risk management methods and practices Experience with operating GRC solutions Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.)

Hi, Wishes from GSN!!! Pleasure connecting with you!!! We been into Corporate Search Services for Identifying & Bringing in Stellar Talented Professionals for our reputed IT / Non-IT clients in India. We have been successfully providing results to various potential needs of our clients for the last 20 years. Who are we looking for? The Junior Assessor aids in collecting evidence and coordinating internal and external audits. This role collaborates closely with control owners to gather necessary artifacts and supports the review process under the direction of senior team members. 1. WORK LOCATION : BANGALORE 2. Job Role: GRC CONSULTANT 3. EXPERIENCE : 3-5 yrs 4. CTC Range: Rs. 10 LPA to Rs. 15 LPA 5. Work Type : WFO (5 Days in Office) ****** Looking for SHORT JOINERS ****** Job Description : Key Responsibilities: Collaborate with control owners to gather evidence and walkthrough documentation for ISO 27001, SOX, SOC 1/SOC 2, and other audits. Work with Application development, operations, and Infrastructure support teams. Contact control owners to request evidence aligned with audit controls. Organize and track evidence submissions. Conduct initial review of evidence for completeness. Maintain audit logs and evidence repositories. Escalate unclear or incomplete submissions to the Senior Assessor or Lead. Required Skills: 3+ years of experience in audit coordination, IT compliance, or operations . Solid understanding of audit evidence types (e.g., logs, screenshots, reports). Detail-oriented and proactive in following up. Strong organizational and communication skills. Proficiency in Excel, SharePoint, and GRC tools. Eager to learn audit/control concepts. ****** Looking for SHORT JOINERS ****** If interested, dont hesitate to click APPLY for IMMEDIATE response. Best Wishes, GSN HR | Google review : https://g.co/kgs/UAsF9W

Strong knowledge of Oracle Fusion Financial Cloud modules General Ledger, Fixed Assets, Payables, Receivables, Oracle GRC Strong process knowledge of Record to Report, Procure to Pay and Order to Cash processes, FCCS and ARCS will provide you an edge

Consultant/Senior Consultant || SOX || Gurgaon || (Immediate joiners preferred) What are we looking out for: Skilled and detail-oriented SOX Compliance and Internal Audit Consultant who will play a critical role in ensuring compliance with SOX requirements through the design, execution, and assessment of internal controls over financial reporting (ICFR). Job Profile (Non IT SOX): Responsible for executing client-related engagements in the areas of SOX 404 & Clause 49 assistance, Governance, Risk & Compliance (GRC), Internal Audits, Process Reviews, Standard Operating Procedures,. Responsible to discuss with risk owners for identification and assessment of key risks and development of mitigation plans Perform gap assessments by conducting detailed walkthroughs with process owners and identifying opportunities for automation, process transformation Review and assess the design of internal controls to ensure they address key risks and comply with SOX requirements. Develop detailed process narratives, risk control matrices (RCMs), and flowcharts. Information Produced by the Entity (IPE) Testing - Evaluate the reliability of information used in the execution of controls; perform detailed testing to validate the accuracy, completeness, and integrity of IPEs; ensure that data sources and logic align with control objectives. Management Review Controls (MRC) testing Test the design and operating effectiveness of Managements review of financial and operational data; evaluate the documentation, criteria, and frequency of management reviews; assess the quality of evidence and identify any gaps in the review process. Working on SOX readiness Assess the existence, efficiency, and effectiveness of the SOX control environment by directing control/process optimization. Collaborate with cross-functional teams, including accounting, IT, and operations, to ensure control objectives are met. Assist clients in preparation for external audits by addressing auditor inquiries and providing necessary documentation. Inspect companys policies and procedures; perform evaluation of control design; and carry out assessment of the effectiveness of company internal controls concerning business processes and systems. Review of working papers & client folders. Suggest ideas on improving engagement productivity and identify opportunities for improving client service. Create/manage status trackers and report the statuses and/or challenges to the Project Manager/Director, clients and all other stakeholders over status calls. Ensure compliance with engagement plans and internal quality & risk management procedures. Keep abreast of emerging technologies with the IT environment and help in developing audit plans to counter whatever risks that might be associated with the application of such technologies. Assist seniors & managers in developing new methodologies and internal initiatives. Create a positive learning culture, coach, counsel and develop junior team members. Attention to detail and mentor young interns and analysts within the practice. Perform other duties that may be assigned by management. Qualification: Graduate/ Post-Graduates

As an experienced professional with 12-15 years of expertise in GRC & IT Support, you will be responsible for overseeing various key aspects of Enterprise Risk Management (ERM), Business Continuity Planning (BCP), Internal Audit Processes, Vendor Risk Management (VRM), and Policy Development & Implementation. Your primary responsibilities will include providing support for ERM, BCP, Internal Audit, Vendor Risk Management, and Policy Programs. For ERM, you will collaborate with Functional Risk Champions and Risk Liaisons, drive Risk Mitigation Plans, and ensure timely reporting. In the realm of BCP, you will be tasked with maintaining Critical Resources Lists, conducting BCP Mock Drills, organizing workshops, and raising awareness through initiatives. Additionally, you will play a crucial role in developing, maintaining, and implementing relevant policies and procedures, assisting with Internal Audits and Compliance Assessments, managing Vendor Risk Assessments, and devising effective Mitigation Strategies. Furthermore, you will be expected to serve as a backup resource for other team members when necessary.,

As a Manager in Risk Consulting - Internal Audit at EY, you will be part of a team dedicated to transforming businesses by utilizing the power of people, technology, and innovation. Your role will involve identifying and managing risks to help clients make informed decisions that align with their long-term business strategies and objectives. You will work with clients in various sectors, including financial services, to address key risk areas and enhance their risk management processes. Your responsibilities will include conducting internal audits, SOX/ IFC/ ICFR assessments, risk management evaluations, process reviews, data analytics, and other governance, risk, and compliance engagements. You will be responsible for executing end-to-end internal audits, preparing risk and control matrices, assessing control effectiveness, and providing valuable recommendations to clients. Additionally, you will contribute to business development activities, lead proposals, and ensure compliance with quality and risk management policies. To excel in this role, you should possess strong leadership skills, the ability to work both independently and as part of a team, and excellent communication skills. You will be expected to lead teams, provide guidance to team members, contribute to knowledge sharing initiatives, and demonstrate innovation in proposing new solutions. Proficiency in MS Office tools, data analytics, and a proactive approach to identifying and addressing risks are essential for success in this position. The ideal candidate will hold a CA or MBA qualification with 5-7 years of relevant work experience. Candidates with Forensic Audit experience are also encouraged to apply. EY is looking for individuals who can collaborate effectively across departments, provide practical solutions to complex problems, and maintain a positive and adaptable mindset. If you are passionate about building a better working world and possess the skills and qualities we are looking for, we encourage you to apply and be a part of our team.,

Reports to: PMO Lead / Delivery Head / Partner Job Objective: To support the planning, coordination, and governance of multiple cyber security engagements through standardized project management practices. The role involves working with internal teams and clients to ensure timely and quality delivery of audits, assessments, and compliance projects including ITGC, SOC 2, ISO 27001, VAPT, and regulatory framework implementations. Key Responsibilities: Coordinate and track the progress of multiple client engagements and internal projects across cyber security services. Support project planning activities, including creation of project plans, timelines, and resource allocation schedules. Maintain project documentation including status reports, dashboards, risk logs, and meeting notes. Assist in the monitoring of project KPIs and compliance with delivery frameworks and methodologies. Coordinate with cross-functional teams including audit, VAPT, GRC, and advisory to ensure alignment and timely execution. Serve as a liaison between client stakeholders and internal teams for effective communication and issue resolution. Support engagement closure activities such as reporting, billing inputs, and documentation archiving. Conduct follow-ups on open items, deadlines, and deliverables across ongoing projects. Identify process improvement opportunities within project governance and reporting. Candidate Requirements: 24 years of relevant experience in project coordination, PMO, or delivery support roles. Exposure to consulting, IT audit, cyber security, or technology project environments is preferred. Strong organizational and time management skills. Proficiency in MS Excel, PowerPoint, and project tracking tools (e.g., MS Project, Jira, Asana, etc.). Good communication skills (written and verbal) and ability to coordinate across multiple stakeholders. Ability to work independently and manage multiple assignments simultaneously. Attention to detail and strong documentation capabilities. Preferred Qualifications: Graduate in Engineering, Information Systems, Business Administration, or related fields. Project Mgmt. certifications is recommended or training in project management methodologies is an advantage. Familiarity with cyber security standards/frameworks (ISO 27001, SOC 2, NIST) is mandatory.

Managing GRC, IT/IS audits, Data Privacy SEBI/RBI Cyber security framework, Data privacy, GDPR NCIIPC guidelines, NIST framework Managing IT/ Technology audit Program management for DPDPA, ISO 27701:2019 compliance SIEM, PAM, DLP, EDR, DAM, AntiAPT

Role & responsibilities SAP GRC Security Experience in Leading Team and handle multiple parallel projects Experience in Multiple Implementations Experience in ECC to S4HANA role migration Excellent Business Communication Must have knowledge on User Management Role Management and GRC ARM request processing Must have experience working in Support projects and ability to communicate with end users and directly with client managers Experience in Role development GRC Ruleset Maintenance SOD Critical Risks WorkDelegate SAP Audits for Internal and External cycles Security ITGC Audit Controls Excellent knowledge of SOX Audit issues and segregation of duties SoD issues Knowledge in SAP Fiori and S4 HANA Security if preferred Experience in R3 ECC HR Portal BOBJ and BW security S4 stong in SU24 concept Experience on CUA authorization concept and support Portal authorization Transporting authorizations SE01 and troubleshooting transport issues Working with SAP tables AGR USH and USR Define scope and gather business requirements for SAP security Roles conceptual and detailed designs Must have project coordination experience Strong verbal and written communication skills Must be able to work independently Understanding of Standard SAP Business Processes Risks SOD mitigation controls educate the all stake holders Skills Mandatory Skills : SAP HANA DB Security,SAP Security Projects (Implementation-Upgrade-Rollouts),SAP Security Support (ECC-BI-HR-CRM-S/4HANA-FIORI) Preferred candidate profile

Policy & Framework Management: Define, review, and update cybersecurity policies, procedures, and standards to align with business and regulatory requirements.Regularly review and update Security Configuration Documents (SCDs).Drive the adoption and alignment of the NIST Cybersecurity Framework.Implement and manage the Unified Compliance Framework to streamline regulatory mapping.Security Controls & Automation: Conduct configuration reviews across critical systems and platforms.Lead initiatives to automate policy management and control validation.Evaluate and recommend risk management solutions and security technologies.Risk & Change Management: Perform third-party/vendor risk assessments, including onboarding, periodic review, and offboarding processes.Collaborate with IT and operations teams for firewall rule lifecycle management.Participate in and govern the Change Management process to ensure security reviews and approvals.Compliance & Audit: Ensure continuous compliance with RBI, IRDAI, UIDAI, ISO 27001, IT Act 2000, and other applicable regulatory and industry standards.Prepare, maintain, and manage documentation for internal and external audits.Track, report, and drive mitigation for audit findings and exceptions.Implement and maintain continuous compliance monitoring tools and practices.Reporting & Governance: Develop and report on cybersecurity posture to senior leadership and key stakeholders.Maintain and deliver Service Level Agreements (SLA) reports and performance metrics.Design and manage Key Risk Indicators (KRI) dashboards to support informed decision-making.Conduct periodic exception reviews and manage approval workflows. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field.6+ years of experience in cybersecurity governance, risk, and compliance (GRC).Strong understanding of NIST, ISO 27001, UCF, and regulatory standards (RBI, IRDAI, UIDAI, IT Act).Proven experience in policy lifecycle management, audit coordination, and risk assessment.Familiarity with firewall rule governance, change management, and automated compliance tools.Excellent communication, analytical, and stakeholder management skills. Preferred technical and professional experience CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, CGEIT

As a managing consultant, you will serve as a client-facing practitioner working collaboratively with clients to deliver high-quality solutions and be a trusted business advisor with deep understanding of SAP Accelerate delivery methodology or equivalent and associated work products. You will lead design workshops, support business development activities and mentor and coach team members to develop their skills and knowledge. There are opportunities for you to acquire new skills, work across different disciplines, take on new challenges, and develop a comprehensive understanding of various industries. There are opportunities for you to acquire new skills, work across different disciplines, take on new challenges, and develop a comprehensive understanding of various industries. Your primary responsibilities include: Strategic SAP Solution LeadershipLeading the technical design, development, and implementation of SAP solutions for simplicity, amplification, and maintainability that meet client needs. Team Delivery leadershipLead and manage high performing team of SAP consultants to deliver work products on time, budget, and quality. Comprehensive Solution DeliveryInvolvement in strategy development and solution implementation, leveraging your functional expertise of SAP with clients and team members and working with the latest technologies Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Overall, 5 - 12 years of relevant experience in SAP BODS/BOIS/SDI/SDQ and 3+ Years of SAP functional experience specializing in design and configuration of SAP BODS/HANA SDI modules. Experience in gathering business requirements and should be able to create requirement specifications based on Architecture/Design/Detailing of Processes. ‘Should be able to prepare mapping sheet combining his/her Functional and technical expertise. All BODS Consultant should primarily have Data migration experience from Different Legacy Systems to SAP or Non-SAP systems. Data Migration experience from SAP ECC to S/4HANA using Migration Cockpit or any other methods. In addition to Data Migration experience, Consultant should have experience or Strong knowledge on BOIS (BO Information Steward) for data Profiling or Data Governance Preferred technical and professional experience Having BODS Admin experience/Knowledge. Having working or strong Knowledge of SAP DATA HUB. Experience/Strong knowledge of HANA SDI (Smart data Integration) to use this as an ETL and should be able to develop flow graphs to Validate/Transform data. Consultant should Develop Workflows, Data flows based on the specifications using various stages in BODS

Roles & Responsibilities: 1.Handling alerts and incident on XDR platform 2.Alert & incident triage and analysis 3.Proactively investigating suspicious activities 4.Log all findings, actions taken, and escalations clearly in the XDR and ITSM platform 5.Execute predefined actions such as isolating blocking IPs or disabling user accounts, based on set protocols. 6.Adhere to established policies, procedures, and security practices. 7.Follow-up with tech team for incident closure 8.Participating in daily standup and review meeting 9.L2 Analyst has responsibility to closely track the incidents and support for closure. 10.Working with logsource and usecase management in integrating log sources and developing & testing usecase 11.Work & support on multiple cybersecurity tool (DLP, GRC, Cloudsec tool, DAM) 12.Developing SOP / instruction manual for L1 team 13.Guiding L1 team for triage/analysis and assist in clousure of cybersecurity alert and incidents 14.Handle XDR alerts and followup with customer team for agent updates 15.Escalate more complex incidents to L3 SME for deeper analysis. Key Responsibilities: Security Monitoring & Incident Response Governance Define and maintain security monitoring, threat detection, and incident response policies and procedures.Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.Align SOC operations with evolving business risk priorities and regulatory frameworks.Platform & Toolset Management Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.Maintain and update incident response playbooks and automation workflows.Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.SOC Operations & Threat Detection Oversee 24x7 monitoring of security events and alerts across enterprise assets.Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.Manage and support forensic investigations to identify root cause and recovery paths.Govern use case development, log source onboarding, and alert/event triage processes.Regulatory Compliance & Incident Management Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.Retain logs in accordance with regulatory data retention mandates.Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.Advanced Threat Management & Reporting Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Qualifications: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.3-5 years of experience in SOC management, incident response, or cyber threat detection roles.Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.Proven experience in playbook development, forensics, and threat hunting methodologies.Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques. Preferred technical and professional experience Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications

Lead the technical design and implementation of SAP solutions for simplicity, amplification, and maintainability. Work from strategy development to solution implementation using your knowledge of SAP and working with the latest technologies such as S4Hana. Partner with a cross-functional global team to ensure customer success in an agile environment Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Must have experience on SAP Solution Manager for the following: Administration of existing SAP Systems in a 24X7-support model Handled administration of SAP may include SAP ECC, CRM, PI/PO, BW/BI, GRC, FIORI, HANA, -Net weaver, SSO, Portal, Net Weaver components, and Open text and Solution Manager. Must have SAP Solution Manager Configuration (eg CHaRM Configuration) Experience have experience in Real world SAP HANA BASIS Preferred technical and professional experience S/4 HANA certification and implementation project is a plus Must have SAP Solution Manager Configuration (eg CHaRM Configuration

Sr. Associate - ISO Audit Information Secuity: Elevate Your Impact Through Innovation and Learning Evalueserve is a global leader in delivering innovative and sustainable solutions to a diverse range of clients, including over 30% of Fortune 500 companies. With a presence in more than 45 countries across five continents, we excel in leveraging state-of-the-art technology, artificial intelligence, and unparalleled subject matter expertise to elevate our clients' business impact and strategic decision-making. Our team of over 4, 500 talented professionals operates in countries such as India, China, Chile, Romania, the US, and Canada. Our global network also extends to emerging markets like Colombia, the Middle East, and the rest of Asia-Pacific. Recognized by Great Place to Work in India, Chile, Romania, the US, and the UK in 2022, we offer a dynamic, growth-oriented, and meritocracy-based culture that prioritizes continuous learning and skill development and work-life balance. What you will be doing at Evalueserve : Conducting external and internal audits utilizing ISO 27001:2022, ISO 22301:2019, SOC Assessment, NIST CSF, and other standards / frameworks for general security controls Implementing and maintaining ISMS and BCMS or other standard / framework requirements globally Operating the Archer platform and ensuring user access, data feeds, workflows, and configurations are updated Providing information security-related support to users and solving their queries Responding to MSA / RFI / SOW or other security queries from customers / stakeholders Contributing to information security documentation, which includes the creation, review, and update of various IS / BCP / BIA / cybersecurity policies, procedures, guidelines, awareness newsletters, posters, etc. Conducting gap assessments and providing necessary feedback on identified risks based on the information security management system Auditing and implementing security controls over real-time networking environments, including network devices (routers, firewalls, switches, etc.), servers (Windows, Linux, MacOS, Solaris, etc.), cloud workloads, and applications Analyzing data security controls to identify weaknesses and design strategies to address gaps and non-compliance across multiple projects Preparing periodic dashboards of security audits and sharing them with senior management Developing information security processes and procedures in line with standards and best practices Managing information security-related incidents Investigating, documenting, and reporting any information security-related issues Acting as an Information Security team representative during calls with clients and stakeholders What were looking for: Any technical graduate from a reputed institute with 36 years of experience in the information security domain A proven track record in information security and audit management, including risk assessment, incident response, and security awareness training Strong knowledge of the Archer platform, including configuration, workflows, and data feeds (Archer certification is a plus) Considerable experience in planning and implementing security standards such as ISO 27001:2022, ISO 22301/2019, and SOC1 and 2 Strong understanding of GRC principles, frameworks, and methodologies A lead auditor / implementer of ISO 27001:2022 and ISO 22301:2019 standards and CISA / CISSP certified will be preferred Can do attitude and ability to take initiatives Positive and strong analytical thinking and ability to collaborate effectively and efficiently within a small, hybrid team Flexibility and ability to work in a self-directed environment, collaborate with others, and seek guidance when needed Ability to work independently and as part of a team Experience of working in global organizations and navigating through cross-border cultures Follow us on https://www.linkedin.com/compan y/evalueserve/ Click here to learn more about what our Leaders talking on achievements AI-powered supply chain optimization solution built on Google Cloud. How Evalueserve is now Leveraging NVIDIA NIM to enhance our AI and digital transformation solutions and to accelerate AI Capabilities . Know more about how Evalueserve has climbed 16 places on the 50 Best Firms for Data Scientists in 2024! Want to learn more about our culture and what its like to work with us? Write to us at: careers@evalueserve.com Disclaimer: The following job description serves as an informative reference for the tasks you may be required to perform. However, it does not constitute an integral component of your employment agreement and is subject to periodic modifications to align with evolving circumstances. Please Note : We appreciate the accuracy and authenticity of the information you provide, as it plays a key role in your candidacy. As part of the Background Verification Process, we verify your employment, education, and personal details. Please ensure all information is factual and submitted on time. For any assistance, your TA SPOC is available to support you .