354 Hitrust Jobs - Page 3

Security Trust Analyst1 Job Title: Security Trust Analyst Location: Bangalore, India Work Mode: Hybrid (Minimum 2 days/week from office) About the Role We are seeking a Security Trust Analyst to join our Global Trust Office as an individual contributor. In this hands-on role, you will work closely with sales teams and internal security functions to demonstrate that our security and compliance controls meet industry-leading standards. You will also engage with cross-functional stakeholders across Compliance, Legal, Privacy, Product, and Engineering teams. The ideal candidate is detail-oriented, collaborative, and passionate about cybersecurity and compliance, with a strong understanding of industry frameworks such as ISO 27001, PCI DSS, and AICPA SOC . Key Responsibilities Perform first-line review of incoming Trust Office cases in Salesforce, validate case accuracy, and assign for further action. Respond to requests from internal sales teams regarding security and compliance inquiries from customers and prospects. Prepare and distribute weekly reports from Salesforce. Manage distribution of Security and Trust Assurance Packets (STAP) to customers and prospects. Collaborate with internal teams (Security, Product, Engineering, etc.) to communicate and support DocuSigns compliance posture. Contribute to continuous improvement initiatives within the Global Trust Office. Perform additional tasks and responsibilities as assigned. Support after-hours requests on an as-needed basis. What Youll Bring Basic Qualifications: Bachelors degree or equivalent work experience in Computer Science, Cybersecurity, GRC (Governance, Risk & Compliance), or related field. Minimum 2 years of relevant experience in cybersecurity or compliance-related roles. Familiarity with security and compliance frameworks such as:SSAE16, ISO 27001, NIST, PCI DSS, SOC, SIG, CSA, HIPAA, HITRUST, FedRAMP. Experience working in a SaaS or cloud solutions environment. Proficiency with Salesforce and Google Workspace tools. Strong analytical, communication, and presentation skills. Detail-oriented with excellent organizational and time management skills. Comfortable working across cross-functional teams and stakeholders. Strong passion for continuous learning and improvement. Understanding of the role of supply chain security in customer assurance. Work Environment Hybrid Work Model: This is a hybrid position requiring a presence in the Bangalore office a minimum of 2 days per week , with flexibility for remote work based on team and business needs. Location - Pune,Hyderabad,Kolkata,Jaipur,Chandigarh

Position: Cyber Security Engineer Experience Range: 3 to 5 yrs Job Location: Bangalore Work Mode: Hybrid (3 days in the office, 2 days remote) Job Summary Anumana is seeking a skilled and motivated Cybersecurity Engineer to ensure the security, integrity, and compliance of our Software as a Medical Device (SaaMD) products. This position is critical in maintaining our adherence to global security standards and regulations, specifically ISO/IEC 27001, ISO/IEC 27002, and ISO 13485. You will play a key role in implementing and monitoring security controls throughout the software development lifecycle while ensuring that our systems meet the highest standards of security and quality. Additionally, you will support audits, create threat models, conduct penetration testing, and produce comprehensive reports. Key Responsibilities: Security Control Implementation Design, implement, and monitor security controls within the SaaMD development lifecycle. Ensure security controls align with ISO/IEC 27001, 27002, and ISO 13485 standards. Collaborate with software development teams to integrate security best practices throughout the development pipeline. Provide guidance on secure coding practices, vulnerability management, and secure software development principles. Maintain a risk-based approach to security, identifying potential threats and vulnerabilities early in the development lifecycle. Compliance & Audit Support Provide evidence of implemented controls and participate in internal and external audits for ISO/IEC 27001 and 27002. Collaborate with Quality and Regulatory teams to ensure ongoing compliance with ISO 13485. Develop and maintain documentation, policies, and procedures to demonstrate compliance with relevant standards. Implement and manage a robust change management and documentation process to align with audit requirements. Threat Modeling & Penetration Testing Create, maintain, and refine threat models to identify security vulnerabilities, using tools like LucidChart. Conduct penetration testing and security assessments using tools such as BurpSuite, nmap, Wireshark, and Deptrack. Regularly perform static and dynamic analysis to identify potential vulnerabilities in the software. Vulnerability Management Conduct vulnerability scans and assessments using tools like Grype, Dockle, and Trivy. Work with development teams to triage and prioritize vulnerabilities for remediation. Track and document vulnerabilities through their lifecycle from identification to resolution. Develop and maintain a comprehensive vulnerability management process, including reporting metrics and key performance indicators (KPIs). Reporting & Communication Create detailed security assessment and penetration testing reports, including actionable remediation recommendations. Communicate findings and collaborate with cross-functional teams to ensure vulnerabilities are addressed. Provide regular updates to management on security posture, vulnerability trends, and remediation efforts. Security Awareness & Training Contribute to the development and delivery of security awareness training for software development teams. Advocate for a culture of security within the organization, promoting adherence to security best practices. Preferred: Professional certifications such as CISSP, CEH, OSCP, CISM, or ISO/IEC 27001 Lead Implementer. Experience in security in highly regulated environments, especially SaaMD or healthcare applications. Knowledge of risk management frameworks (NIST, HITRUST) and cybersecurity standards. Experience with Continuous Integration/Continuous Deployment (CI/CD) pipelines and DevOps environments. Required Qualification: Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience). 3+ years of experience in cybersecurity engineering, preferably within the medical device or healthcare sector. In-depth knowledge of ISO/IEC 27001, 27002, and ISO 13485 standards and requirements. Experience with threat modeling and penetration testing methodologies and tools (e.g., BurpSuite, nmap, Wireshark, LucidChart). Hands-on experience with vulnerability assessment tools such as Grype, Dockle, Trivy, and Deptrack. Strong understanding of secure software development practices, including secure coding and DevSecOps principles. Experience in providing evidence for security audits and ensuring regulatory compliance. Familiarity with cloud security best practices, container security, and modern development environments (e.g., Docker, Kubernetes). Benefits: Be a part of “Google of biomedicine” as recognized by the Washington Post Work with some of the brilliant minds of the world solving exciting real-world problems. Our benefits package includes the best of what leading organizations provide, such as stock options, paid time off, healthcare insurance, gym/broadband reimbursement.

About Synclature: Established in 2013, Synclature is a Cybersecurity and risk advisory consulting firm with offices in Mumbai and Singapore, proudly serving clients in over 10 countries. At Synclature, we are committed to delivering advanced information security solutions tailored to meet each client’s unique needs. We specialize in the implementation and assurance of top security standards and frameworks, including ISO 27001, ISO 27701, SOC 2 Type II, NIST CSF, HIPAA, HITRUST, and PCI DSS. Our team is highly skilled in conducting IT General Control (ITGC) and IT Application Control (ITAC) audits, as well as vulnerability assessments and penetration testing, ensuring our clients achieve the highest levels of security and compliance. Job Summary: We are looking for a proactive and target-driven Business Development Executive with a strong background in selling Cybersecurity solutions , particularly VAPT services and GRC consulting offerings . The ideal candidate will have hands-on experience in B2B sales, a good technical understanding of security solutions, and the ability to close complex deals with enterprise clients. Roles and Responsibility: Drive end-to-end sales o f Cybersecurity services including VAPT assessments, Risk advisory, and GRC solutions . Identify, qualify, and pursue new leads and opportunities across industries. Understand customer pain points and align Synclature’s solutions accordingly. Work with internal technical teams to create custom proposals and conduct solution demos. Build strong client relationships with key stakeholders like CISOs, IT Heads, and Compliance Officers. Achieve or exceed quarterly and annual revenue targets. Maintain accurate records of leads, opportunities, and client interactions in the CRM system. Stay updated on evolving Cybersecurity trends, compliance requirements, and competitive landscape. Represent Synclature at industry events, webinars, and client meetings. Requirements: Bachelor’s degree in Business, IT, Computer Science, or related field. 3–5 years of B2B sales experience in Cybersecurity , with a focus on VAPT and GRC services . Knowledge of compliance frameworks such as ISO 27001, NIST, SOC 2, GDPR, PCI-DSS, HIPAA , etc. Excellent communication, presentation, and negotiation skills. Strong technical aptitude with the ability to translate customer needs into security solutions. Prior experience working with Cybersecurity consulting or MSSP firms. Work Location: Andheri East Work from Office only

Job Description About Us : Tsaaro is dedicated to Data Privacy and Security as its core focus. Our team comprises specialized data privacy consultants, information security experts, and penetration testers, all working to empower our clients with seamless and highly efficient security solutions. Our approach is centered around customization, understanding the unique needs of each organization, and finding solutions that align with their budget and resource constraints. At Tsaaro, we adopt a pragmatic, risk-based strategy to deliver practical and effective advice. By providing real-world guidance, support, and actionable recommendations, we confidently equip our clients to address a broad spectrum of security and privacy challenges. Responsibilities As a Senior Data Privacy Consultant, you will be entrusted with the following key responsibilities: Design and implement data protection and privacy programs that cater to our clients' specific business needs, ensuring their sensitive information is well safeguarded. Evaluate and assess our clients' data protection and privacy practices, offering valuable insights and actionable recommendations for continual improvement. Demonstrate expertise in various standards, such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, ISO 27701, etc., to assist clients in compliance and governance. Provide guidance and support to clients in adhering to a complex web of national and international laws and regulations, including the EU General Data Protection Regulation (GDPR) and other privacy laws. Assist in preparing policies, reports, and schedules for clients and relevant stakeholders, ensuring clear communication and alignment with industry best practices. Conduct thorough audits of Privacy controls to monitor program effectiveness and compliance, ensuring data protection is at its optimal level. Utilize online tools to facilitate Incident Management and Data Subject Rights processes, ensuring efficient and timely responses to potential data incidents. Foster and maintain productive working relationships with client personnel, promoting effective collaboration and understanding of their specific needs. Demonstrate a strong commitment to adhering to workplace policies and procedures, maintaining the highest standards of professionalism and confidentiality. Contribute to cybersecurity engagements, developing cybersecurity strategies, governance, risk, and compliance activities, and cybersecurity policies in line with ISO 27001 and ISO 27701. Perform Gap Assessments, Risk Assessments, ISMS Documentation, Internal Audits, and support during Certification Audits to strengthen overall security frameworks. Requirements To be considered for this role, the candidate must meet the following requirements: Possess a sound knowledge of fundamentals of information security systems. Have 2-3 years of relevant experience in the field. Demonstrate proficiency in standards such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, ISO 27701, etc. Exhibit a good understanding of GDPR, CCPA, or other privacy laws. Display competence in governance and reporting, as well as a strong grasp of cyber and privacy risks. Hold relevant qualifications such as CIPM, CIPT, CIPP/E. Showcase excellent communication skills, both written and verbal. Benefits Competitive salary and performance-based bonuses. Professional development opportunities, including training and certifications. Flexible working hours. Collaborative and inclusive work environment. Opportunity to work with a passionate team dedicated to making a difference in data privacy and security. check(event) ; career-website-detail-template-2 => apply(record.id,meta)" mousedown="lyte-button => check(event)" final-style="background-color:#6875E2;border-color:#6875E2;color:white;" final-class="lyte-button lyteBackgroundColorBtn lyteSuccess" lyte-rendered="">

As a highly organized Cybersecurity Officer at AmeriPharma, you will play a crucial role in managing system-wide healthcare compliance, information security, and privacy regulations. Reporting to the Director of Regulatory Affairs, you will be responsible for ensuring regulatory excellence, information security, and adherence to federal and state laws. Your primary focus will be on fostering a culture of accountability, trust, and risk management across all IT infrastructures. Your duties will involve developing and managing a comprehensive cybersecurity program in compliance with regulations such as HITECH, providing cybersecurity support during software and network development, conducting security and risk assessments, and managing annual risk assessments, vulnerability management, and penetration testing. You will also be responsible for implementing security measures, overseeing compliance with patient data protection regulations, and managing cyber threats, incident response, and forensic investigations. To be successful in this role, you must have expertise in HIPAA, HITECH, HITRUST, and cybersecurity frameworks, along with extensive experience in risk management, information security, and regulatory compliance auditing. Strong technical knowledge in network security, cloud security, and identity access management is essential, as well as exceptional communication skills and the ability to make strategic, data-driven decisions in high-pressure environments. You will collaborate with IT teams to improve security controls across cloud, network, and endpoints, lead cybersecurity awareness training programs for employees, align cybersecurity initiatives with business objectives, and innovate in cybersecurity frameworks, AI-driven threat detection, and cloud security. Additionally, you will engage with industry leaders and regulatory bodies on emerging cybersecurity threats and develop and test software applications using Agile methodologies. The ideal candidate will have a Bachelor's degree in Computer Science, Information Technology, or a related field, along with certifications such as CompTIA A+, Network+, CISSP, CCNA, MSCE, or MCSD. A minimum of 4 years of experience in Engineering, Software Engineering, or related fields is required, as well as proficiency in cybersecurity tools and platforms. If you are passionate about cybersecurity, have a strong background in regulatory compliance and risk management, and are looking for a challenging and rewarding opportunity to make a difference in healthcare IT security, we invite you to join our dynamic team at AmeriPharma.,

We are seeking a skilled and motivated Cyber Security Engineer to lead efforts in securing our Software as a Medical Device (SaaMD) offerings. This pivotal role ensures global compliance and best-in-class security practices throughout the software development lifecycle, anchored in standards like ISO/IEC 27001, ISO/IEC 27002, and ISO 13485. Key Responsibilities Security Control Implementation : Design, implement, and monitor robust security controls across the SaaMD SDLC. Align with ISO/IEC 27001, 27002, and ISO 13485 frameworks. Guide secure coding, DevSecOps practices, and vulnerability management. Apply a risk-based approach to identify and mitigate threats proactively. Compliance & Audit Readiness Support internal and external audits with detailed documentation. Collaborate with Quality & Regulatory teams for ISO 13485 compliance. Maintain audit-ready procedures and manage change documentation. Threat Modeling & Penetration Testing Develop threat models using tools like LucidChart. Conduct pen-testing via BurpSuite, nmap, Wireshark, and Deptrack. Run static and dynamic code analysis for vulnerability detection. Vulnerability Management Assess vulnerabilities using Grype, Dockle, Trivy, and Deptrack. Partner with development teams for triage and resolution. Drive remediation workflows and monitor KPIs. Reporting & Stakeholder Communication Produce detailed security assessments with actionable steps. Deliver periodic updates on security posture to leadership. Translate complex risks into business-friendly language. Security Awareness & Training Build training modules to cultivate a security-first mindset. Advocate for secure engineering culture across teams. Qualifications Required : Bachelors in Computer Science, Information Security, or relevant experience. 3+ years in cybersecurity engineering, ideally in healthcare or medical devices. Proven knowledge of ISO/IEC 27001, 27002 & ISO 13485. Hands-on expertise with LucidChart, BurpSuite, nmap, Wireshark, Deptrack. Experience with Grype, Dockle, Trivy; DevSecOps & secure coding practices. Track record in audit support and regulatory compliance. Preferred Certifications like CISSP, CEH, OSCP, CISM, or ISO/IEC 27001 Lead Implementer. Background in SaaMD or regulated industries (healthcare/pharma). Familiarity with frameworks like NIST, HITRUST, and CI/CD workflows. Skills & Traits Strong analytical, communication, and problem-solving skills. Detail-oriented with a proactive risk management approach. Team collaborator able to influence across engineering and compliance functions. (ref:hirist.tech)

As a Cloud Architect - AVP, you will be instrumental in defining and executing our AWS cloud strategy to ensure the effective deployment and administration of AWS cloud solutions. Your role will involve leading a team of AWS cloud engineers and architects, collaborating with diverse stakeholders, and utilizing your extensive expertise to promote AWS cloud adoption and innovation throughout the organization. Your primary responsibilities will include formulating and executing the company's AWS cloud strategy in alignment with business objectives, overseeing the design, architecture, and deployment of AWS cloud solutions with a focus on scalability, security, and reliability, collaborating with various teams to seamlessly integrate AWS services, evaluating and selecting appropriate AWS services and technologies, managing the migration of on-premises applications and infrastructure to AWS, establishing and enforcing AWS cloud governance, security policies, and best practices, providing technical leadership and guidance to the AWS cloud team to promote innovation and continuous enhancement, staying abreast of the latest AWS technologies and industry trends to incorporate relevant advancements into the AWS cloud strategy, and effectively communicating AWS cloud strategy, progress, and challenges to senior leadership and stakeholders. To qualify for this role, you should possess a Bachelor's or Master's degree in computer science, Information Technology, or a related field, along with a minimum of 15 years of IT experience, with at least 10 years dedicated to cloud architecture and implementation, particularly with AWS. Additionally, you should have experience with AWS cloud services SOC 2, ITIL, PCI-DSS, SAE16, ISO27001, Cobit, and/or HiTrust, cloud-native architectures, leading large-scale AWS cloud transformation projects, AWS cloud security, governance, and compliance, infrastructure as code (IaC) and automation tools such as AWS CloudFormation and Terraform, networking, storage, databases, and application development in AWS, exceptional problem-solving abilities, innovative design skills for AWS cloud solutions, strong leadership and communication capabilities, and a track record of managing and mentoring teams effectively. Preferred qualifications include being an AWS Certified Solutions Architect - Professional, experience with multi-cloud and hybrid cloud environments, familiarity with DevOps practices and tools like AWS CodePipeline and Jenkins, and knowledge of emerging technologies such as AI, ML, and IoT in relation to AWS cloud computing.,

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY GDS Consulting - Non-financial Services – Third-Party Risk Management (NFS TPRM) – Senior As part of our EY- NFS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We’re looking for Seniors with expertise in Third-Party Risk Management to join the leadership group of our EY- NFS TPRM team. It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your Key Responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Lead the design and implementation of TPRM operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Demonstrate a general knowledge of market trends, competitor activities, EY products, and service lines. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to Identifying opportunities to improve engagement profitability. Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within EY Consulting Services and with other services across the organization. Skills And Attributes For Success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Attend L&D programs and exhibit a thorough knowledge of consulting methodology and consulting attributes. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you’ll also have Project Management skills. Exposure to tools like ProcessUnity, ServiceNow, Archer. What We Look For A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. Actively tracks and communicates engagement performance and planning to EY engagement management, ensuring project milestones remain on track and are completed timely. Actively mentors and trains team members on Third-Party Risk Management processes, governance, and frameworks. Works cross-functionally with team members to support and drive a collaborative team environment. Creates and design effective presentations as a means for communicating project and deliverable progress to clients. Performs sophisticated data analyses to understand client s business and identify risk Executes advanced services and supervise staff in delivering essential services. Understands client s business environment and basic risk management approaches Actively participates in decision making with engagement management and seek to understand the broader impact of current decisions. Actively contributes to improving operational efficiency on projects & internal initiatives. What Working At EY Offers At EY, we’re dedicated to helping our clients, from the startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching, and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY GDS Consulting - Non-financial Services – Third-Party Risk Management (NFS TPRM) – Senior As part of our EY- NFS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We’re looking for Seniors with expertise in Third-Party Risk Management to join the leadership group of our EY- NFS TPRM team. It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your Key Responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Lead the design and implementation of TPRM operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Demonstrate a general knowledge of market trends, competitor activities, EY products, and service lines. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to Identifying opportunities to improve engagement profitability. Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within EY Consulting Services and with other services across the organization. Skills And Attributes For Success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Attend L&D programs and exhibit a thorough knowledge of consulting methodology and consulting attributes. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you’ll also have Project Management skills. Exposure to tools like ProcessUnity, ServiceNow, Archer. What We Look For A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. Actively tracks and communicates engagement performance and planning to EY engagement management, ensuring project milestones remain on track and are completed timely. Actively mentors and trains team members on Third-Party Risk Management processes, governance, and frameworks. Works cross-functionally with team members to support and drive a collaborative team environment. Creates and design effective presentations as a means for communicating project and deliverable progress to clients. Performs sophisticated data analyses to understand client s business and identify risk Executes advanced services and supervise staff in delivering essential services. Understands client s business environment and basic risk management approaches Actively participates in decision making with engagement management and seek to understand the broader impact of current decisions. Actively contributes to improving operational efficiency on projects & internal initiatives. What Working At EY Offers At EY, we’re dedicated to helping our clients, from the startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching, and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY GDS Consulting - Non-financial Services – Third-Party Risk Management (NFS TPRM) – Senior As part of our EY- NFS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We’re looking for Seniors with expertise in Third-Party Risk Management to join the leadership group of our EY- NFS TPRM team. It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your Key Responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Lead the design and implementation of TPRM operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Demonstrate a general knowledge of market trends, competitor activities, EY products, and service lines. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to Identifying opportunities to improve engagement profitability. Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within EY Consulting Services and with other services across the organization. Skills And Attributes For Success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Attend L&D programs and exhibit a thorough knowledge of consulting methodology and consulting attributes. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you’ll also have Project Management skills. Exposure to tools like ProcessUnity, ServiceNow, Archer. What We Look For A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. Actively tracks and communicates engagement performance and planning to EY engagement management, ensuring project milestones remain on track and are completed timely. Actively mentors and trains team members on Third-Party Risk Management processes, governance, and frameworks. Works cross-functionally with team members to support and drive a collaborative team environment. Creates and design effective presentations as a means for communicating project and deliverable progress to clients. Performs sophisticated data analyses to understand client s business and identify risk Executes advanced services and supervise staff in delivering essential services. Understands client s business environment and basic risk management approaches Actively participates in decision making with engagement management and seek to understand the broader impact of current decisions. Actively contributes to improving operational efficiency on projects & internal initiatives. What Working At EY Offers At EY, we’re dedicated to helping our clients, from the startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching, and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY GDS Consulting - Non-financial Services – Third-Party Risk Management (NFS TPRM) – Senior As part of our EY- NFS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We’re looking for Seniors with expertise in Third-Party Risk Management to join the leadership group of our EY- NFS TPRM team. It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your Key Responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Lead the design and implementation of TPRM operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Demonstrate a general knowledge of market trends, competitor activities, EY products, and service lines. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to Identifying opportunities to improve engagement profitability. Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within EY Consulting Services and with other services across the organization. Skills And Attributes For Success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Attend L&D programs and exhibit a thorough knowledge of consulting methodology and consulting attributes. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you’ll also have Project Management skills. Exposure to tools like ProcessUnity, ServiceNow, Archer. What We Look For A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. Actively tracks and communicates engagement performance and planning to EY engagement management, ensuring project milestones remain on track and are completed timely. Actively mentors and trains team members on Third-Party Risk Management processes, governance, and frameworks. Works cross-functionally with team members to support and drive a collaborative team environment. Creates and design effective presentations as a means for communicating project and deliverable progress to clients. Performs sophisticated data analyses to understand client s business and identify risk Executes advanced services and supervise staff in delivering essential services. Understands client s business environment and basic risk management approaches Actively participates in decision making with engagement management and seek to understand the broader impact of current decisions. Actively contributes to improving operational efficiency on projects & internal initiatives. What Working At EY Offers At EY, we’re dedicated to helping our clients, from the startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching, and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY GDS Consulting - Non-financial Services – Third-Party Risk Management (NFS TPRM) – Senior As part of our EY- NFS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We’re looking for Seniors with expertise in Third-Party Risk Management to join the leadership group of our EY- NFS TPRM team. It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your Key Responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Lead the design and implementation of TPRM operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Demonstrate a general knowledge of market trends, competitor activities, EY products, and service lines. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to Identifying opportunities to improve engagement profitability. Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within EY Consulting Services and with other services across the organization. Skills And Attributes For Success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Attend L&D programs and exhibit a thorough knowledge of consulting methodology and consulting attributes. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you’ll also have Project Management skills. Exposure to tools like ProcessUnity, ServiceNow, Archer. What We Look For A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. Actively tracks and communicates engagement performance and planning to EY engagement management, ensuring project milestones remain on track and are completed timely. Actively mentors and trains team members on Third-Party Risk Management processes, governance, and frameworks. Works cross-functionally with team members to support and drive a collaborative team environment. Creates and design effective presentations as a means for communicating project and deliverable progress to clients. Performs sophisticated data analyses to understand client s business and identify risk Executes advanced services and supervise staff in delivering essential services. Understands client s business environment and basic risk management approaches Actively participates in decision making with engagement management and seek to understand the broader impact of current decisions. Actively contributes to improving operational efficiency on projects & internal initiatives. What Working At EY Offers At EY, we’re dedicated to helping our clients, from the startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching, and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY GDS Consulting - Non-financial Services – Third-Party Risk Management (NFS TPRM) – Senior As part of our EY- NFS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We’re looking for Seniors with expertise in Third-Party Risk Management to join the leadership group of our EY- NFS TPRM team. It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your Key Responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Lead the design and implementation of TPRM operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Demonstrate a general knowledge of market trends, competitor activities, EY products, and service lines. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to Identifying opportunities to improve engagement profitability. Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within EY Consulting Services and with other services across the organization. Skills And Attributes For Success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Attend L&D programs and exhibit a thorough knowledge of consulting methodology and consulting attributes. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you’ll also have Project Management skills. Exposure to tools like ProcessUnity, ServiceNow, Archer. What We Look For A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. Actively tracks and communicates engagement performance and planning to EY engagement management, ensuring project milestones remain on track and are completed timely. Actively mentors and trains team members on Third-Party Risk Management processes, governance, and frameworks. Works cross-functionally with team members to support and drive a collaborative team environment. Creates and design effective presentations as a means for communicating project and deliverable progress to clients. Performs sophisticated data analyses to understand client s business and identify risk Executes advanced services and supervise staff in delivering essential services. Understands client s business environment and basic risk management approaches Actively participates in decision making with engagement management and seek to understand the broader impact of current decisions. Actively contributes to improving operational efficiency on projects & internal initiatives. What Working At EY Offers At EY, we’re dedicated to helping our clients, from the startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching, and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY GDS Consulting - Non-financial Services – Third-Party Risk Management (NFS TPRM) – Senior As part of our EY- NFS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We’re looking for Seniors with expertise in Third-Party Risk Management to join the leadership group of our EY- NFS TPRM team. It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your Key Responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Lead the design and implementation of TPRM operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Demonstrate a general knowledge of market trends, competitor activities, EY products, and service lines. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to Identifying opportunities to improve engagement profitability. Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within EY Consulting Services and with other services across the organization. Skills And Attributes For Success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Attend L&D programs and exhibit a thorough knowledge of consulting methodology and consulting attributes. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you’ll also have Project Management skills. Exposure to tools like ProcessUnity, ServiceNow, Archer. What We Look For A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. Actively tracks and communicates engagement performance and planning to EY engagement management, ensuring project milestones remain on track and are completed timely. Actively mentors and trains team members on Third-Party Risk Management processes, governance, and frameworks. Works cross-functionally with team members to support and drive a collaborative team environment. Creates and design effective presentations as a means for communicating project and deliverable progress to clients. Performs sophisticated data analyses to understand client s business and identify risk Executes advanced services and supervise staff in delivering essential services. Understands client s business environment and basic risk management approaches Actively participates in decision making with engagement management and seek to understand the broader impact of current decisions. Actively contributes to improving operational efficiency on projects & internal initiatives. What Working At EY Offers At EY, we’re dedicated to helping our clients, from the startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching, and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

The Information Security Analyst will play a critical role in safeguarding Greenway Health by focusing on vulnerability management. This position is responsible for identifying, assessing, prioritizing, and mitigating security vulnerabilities across our systems, applications, and infrastructure. The analyst will work closely with IT, development, and compliance teams to ensure the confidentiality, integrity, and availability of sensitive healthcare data in compliance with HIPAA and other regulatory standards. This role requires a proactive approach to staying ahead of emerging threats and maintaining a robust security posture for our EHR solutions. Essential Duties & Responsibilities Conduct regular vulnerability scans and assessments of EHR systems, applications, networks, and infrastructure (e.g., Rapid7). Analyze scan results, prioritize vulnerabilities based on risk severity, and develop remediation plans in collaboration with system owners and development teams. Track and manage vulnerabilities through their lifecycle, ensuring timely mitigation or acceptance of risks with proper documentation. Collaborate with DevOps and software development teams to integrate secure coding practices and address vulnerabilities in the software development lifecycle (SDLC). Maintain and update vulnerability management policies, procedures, and documentation to align with industry standards (e.g., NIST, HITRUST) and regulatory requirements (e.g., HIPAA). Monitor threat intelligence feeds to identify emerging vulnerabilities and threats relevant to EHR systems and recommend proactive measures. Assist in penetration testing efforts and coordinate with internal teams and external vendors to validate security controls. Provide regular reports and metrics on vulnerability management activities to leadership and compliance teams. Participate in incident response activities related to vulnerabilities and support the development of patch management strategies. Educate and train internal teams on vulnerability management best practices and secure development principles. Experience & Education High school diploma/GED. Associate degree in Technology/Computers preferred, ideally in Computer Engineering, Computer Science, or Information Systems Management or equivalent work experience in the field of Cybersecurity. Two (2) to four (4) years of experience in information security, cybersecurity, or a related role, preferably in the healthcare or technology sector. Possess current security certifications (e.g., CEH, CC, CISM, Security+) or be willing to obtain within 1 year of assignment. Experience with scripting (e.g., Python, PowerShell) for automating vulnerability management tasks is a plus. Experience working with Rapid7 InsightVM a plus. Demonstrated experience with vulnerability scanning tools (e.g., Rapid7, Nessus, Qualys) and interpreting scan results. Skills, Knowledge, And Abilities Knowledge of common vulnerability scoring systems (e.g., CVSS) and risk assessment methodologies. Understanding of secure software development practices and application security testing (e.g., SAST, DAST). Ability to work collaboratively in a cross-functional environment and communicate technical concepts to non-technical stakeholders. Ability to manage multiple priorities and meet deadlines in a fast-paced environment. Strong communication skills to convey complex security concepts to technical and non-technical audiences. Proficiency in vulnerability management processes, including identification, assessment, prioritization, and remediation. Familiarity with common security frameworks and standards (e.g., NIST 800-53, OWASP, CIS Controls). Knowledge of network protocols, operating systems (Windows, Linux), and cloud environments (e.g., AWS, Azure). Understanding of EHR system architecture and the unique security challenges in healthcare IT. Strong written and verbal communication skills for documenting findings and presenting recommendations. Ability to stay current with evolving cybersecurity threats, vulnerabilities, and mitigation techniques. Ability to recommend approaches for new or improved processes. Displays and promotes a positive attitude and possesses unwavering integrity and extraordinary adherence to high ethical standards. Ability and motivation to learn new skills as required by an evolving information security landscape. Working knowledge of and experience with the Linux operating system is a plus. Ability to perform professional tasks independently and to analyze and develop innovative solutions to complex problems. Work Environment/Physical Demands While at work, this position is primarily a sedentary job and requires that the associate can work in an environment where they will consistently be seated for the majority of the work day This role requires that one can sit and regularly type on a key board the majority of their work day This position requires the ability to observe a computer screen for long periods of time to observe their own and others’ work, as well as in-coming and out-going communications via the computer and/ or mobile devices. The role necessitates the ability to listen and speak clearly to customers and other associates The work environment is an open room with other associates and noise from others will be part of the regular work day At Greenway, we strive to imagine, empower, engage, and inspire. Join us! To learn more about Greenway, take a video tour of our office, and meet our employees, visit us at www.GreenwayHealth.com/careers. Disclaimer: This Job Summary indicates the general nature and level of work expected of the incumbent(s). It is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities required of the incumbent. Incumbent(s) may be asked to perform other duties as requested. Greenway Health, LLC is an Equal Opportunity Employer. We do not discriminate on the basis of race, religion, age, gender, national origin, sexual orientation, disability, or veteran status.

Role: GRC Lead Location: Bangalore About Us Ushur is transforming the way enterprises communicate and engage with customers. Fueled by consumer’s self-service demands, enterprises are modernizing customer engagement and experience models. Ushur is fast becoming the platform of choice for Customer Experience Automation™, enabling these enterprises to leapfrog their digital native counterparts and deliver delightful customer and employee experiences. With cutting-edge Conversational AI, Machine Learning and Intelligent Process Automation technologies, Ushur has enabled Fortune 100 enterprises including some of the world’s most well known brands in healthcare, insurance, banking and financial services sectors to automate their customer engagement. Cloud-native, 100% no-code and purely workflow-driven, Ushur empowers citizen developers within business operations teams to build AI-powered, fully-automated and omni-channel experience to digitally transform customer journeys end-to-end. Location: Bangalore Work Mode: Hybrid The Role Ushur is looking for a motivated, passionate, GRC Lead. The GRC Lead will be working with the GRC Director to implement GRC initiatives and charter for Ushur. Implement processes to ensure that protection, compliance & certifications are maintained in the organization in an ongoing manner. Where necessary, the consultant should assist the GRC director to acquire new certifications & compliances, to initiate & support ongoing audits, to mention a few. You will collaborate across various teams and offer support & guidance to product management, customer success & support, system architects, engineering development and quality assurance teams. Responsibilities ● Responsible for implementing the GRC charter in order to improve the overall security & compliance posture of the organization ● Work with external security & related disciplines consultants and will be a part of developing the security mindset of our teams ● Support & nurture regulations such as CCPA, GDPR, HIPAA, HITRUST, etc. ● Support certification and compliance audit activities e.g., SOC2, HITRUST, ISO 27001 and PCI-DSS ● Contribute towards organization security, focusing on our product & our corporate security hygiene ● Establish policies, procedures, and guidelines. ● Subject matter expert when it comes to security & GRC practices ● Continuous alignment and improvement of the GRC processes with various stakeholders, leveraging existing GRC tools in place, finding out what more is required to support our business processes and keep working around overall security governance, risk management, and various audits all year around. Qualifications ● At least 8-10 years of experience in IT with a minimum 3 years in security/ GRC ● Skills in Cloud Concepts, Cloud Security and SaaS Security ● Experience working in an AWS cloud environment is a must ● Experience in drafting policies, procedures, and reports ● Experience with Security Operations will be an advantage ● Must have performed compliance Tasks e.g., involved in assessments, risk management, audits, drafting policies, procedures, and reports ● Knowledge of organization accreditation/certifications e.g., SOC2/ ISO 27001/ PCI DSS etc. ● Knowledge of different types of frameworks, regulations, standards, and best practices e.g., NIST CSF, CSA, CIS, HITRUST etc. ● Prior experience using the GRC tool will be an advantage ● DevSecOps/ DevOps Skills ● Security Testing Knowledge e.g., SAST, DAST, VAPT etc. ● Vulnerability Management Skills ● Knowledge of Data Security and Privacy ● Knowledge of the Incident Response process ● Prior experience of involvement in control implementation will be an advantage ● Knowledge of DR, BCP, Malware campaign, advisory etc. ● Knowledge of EDR, MDR, DLP and any other endpoint protection tool ● Knowledge of any automation, standardization and templatization skills will be an advantage ● Knowledge of industry regulation on security and privacy e.g., GDPR, CCPA, DPDP etc. Benefits ● Great Company Culture. We pride ourselves on having a values-based culture that is welcoming, intentional, and respectful. ● Bring your whole self to work. We are focused on building a diverse culture, with innovative ideas where you and your ideas are valued. We are a start-up and know that every person has a significant impact! ● Rest and Relaxation. 20 days of flexible leaves per year, Monthly Wellness Day (aka a day off to care for yourself) and more! ● Health Benefits. Preventive health checkups, Medical Insurance covering the dependents, wellness sessions, and health talks at the office ● Keep learning. One of our core values is Growth Mindset - we believe in lifelong learning. Certification courses are reimbursed. Ushur Community offers wide resources for our employees to learn and grow. ● Flexible Work. In-office or hybrid working model, depending on position and location. We seek to create an environment for all our employees where they can thrive in both their profession and personal life. Why join us? We are passionate about Ushur, our product, and helping our employees grow and develop in their career in a caring, collaborative environment. We offer a very competitive compensation plan & stock options for the ideal candidates.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Third Party Risk Management - TPRM – Senior Job purpose: Senior in the Risk Advisory team to work on various TPRM projects for our customers across the globe. You will be responsible for delivering on accounts in accordance with EY quality guidelines & methodologies. You will need to execute and coordinate on accounts and relationships on a day-to-day basis and explore new business opportunities for the firm. Establishing, strengthening and nurturing relationships with clients and internally across service lines and proactively will also be a part of your day-to-day activities. You will assist in developing new methodologies and internal initiatives, and help in creating a positive learning culture by coaching, counselling and developing junior team members. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards, by reviewing the work provided by junior members. Your client responsibilities: Provide guidance and share knowledge with team members and participate in performing procedures focusing on complex, judgmental and/or specialized issues. Maintain relationships with client management to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Understand EY and its service lines and actively assess what the firm can deliver to serve clients Assist Managers in driving the business development process on existing client engagements by gathering appropriate resources, gaining access to key contacts & assisting in proposal preparation. Assist in creating innovative insights for clients, adapt methods & practices to fit operational team needs, contribute to thought leadership documents and develop new methodologies. Facilitate discussions / knowledge sharing with key client personnel and contribute to EY thought leadership. Plan & deliver on client engagements. Provide regular status updates on engagements and work products. Demonstrate strong project management skills Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Demonstrate industry expertise (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) Review status updates and prepare management presentations/audit committee presentations etc. Actively contribute to improving operational efficiency on projects & internal initiatives. Your people responsibilities: Display teamwork and integrity. Work with team members to meet committed timelines and quality on engagements Driving the quality culture agenda at GDS Manage the performance management for the direct reportees, as per the organization policies Training and mentoring of project resources Participating in the organization-wide people initiatives Mandatory skills: Strong knowledge of information security concepts, risk and controls concepts Strong knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Strong knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts Strong knowledge of OS (Windows / Linux) security, Database security Sound familiarity with OWASP and Secure SDLC standards / frameworks Good knowledge of IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.) Good knowledge of Security architecture design and review Good experience in LAN/WAN architectures and reviews Good knowledge on Privacy, Governance and reporting Good knowledge of anti-virus solutions (e.g. Symantec, McAfee, etc.) Knowledge of incident management, disaster recovery and business continuity management Knowledge of Cryptography Knowledge of physical and environmental security Knowledge of Asset Security and Identity and Access Management One or more certifications such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer Business Continuity Plans & Disaster Recovery (BCP/DR) - Conducting business Impact Analysis, Identify controls, Develop recovery strategy, plan testing, training and user awareness, and plan review and maintenance for development of effective business continuity management solutions BE/BTech/MCA with a sound industry experience of 4 to 7 Yrs Preferred skills: Strong domain experience in a specific sector Prior Client facing experience EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Third Party Risk Management - TPRM – Senior Job purpose: Senior in the Risk Advisory team to work on various TPRM projects for our customers across the globe. You will be responsible for delivering on accounts in accordance with EY quality guidelines & methodologies. You will need to execute and coordinate on accounts and relationships on a day-to-day basis and explore new business opportunities for the firm. Establishing, strengthening and nurturing relationships with clients and internally across service lines and proactively will also be a part of your day-to-day activities. You will assist in developing new methodologies and internal initiatives, and help in creating a positive learning culture by coaching, counselling and developing junior team members. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards, by reviewing the work provided by junior members. Your client responsibilities: Provide guidance and share knowledge with team members and participate in performing procedures focusing on complex, judgmental and/or specialized issues. Maintain relationships with client management to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Understand EY and its service lines and actively assess what the firm can deliver to serve clients Assist Managers in driving the business development process on existing client engagements by gathering appropriate resources, gaining access to key contacts & assisting in proposal preparation. Assist in creating innovative insights for clients, adapt methods & practices to fit operational team needs, contribute to thought leadership documents and develop new methodologies. Facilitate discussions / knowledge sharing with key client personnel and contribute to EY thought leadership. Plan & deliver on client engagements. Provide regular status updates on engagements and work products. Demonstrate strong project management skills Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Demonstrate industry expertise (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) Review status updates and prepare management presentations/audit committee presentations etc. Actively contribute to improving operational efficiency on projects & internal initiatives. Your people responsibilities: Display teamwork and integrity. Work with team members to meet committed timelines and quality on engagements Driving the quality culture agenda at GDS Manage the performance management for the direct reportees, as per the organization policies Training and mentoring of project resources Participating in the organization-wide people initiatives Mandatory skills: Strong knowledge of information security concepts, risk and controls concepts Strong knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Strong knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts Strong knowledge of OS (Windows / Linux) security, Database security Sound familiarity with OWASP and Secure SDLC standards / frameworks Good knowledge of IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.) Good knowledge of Security architecture design and review Good experience in LAN/WAN architectures and reviews Good knowledge on Privacy, Governance and reporting Good knowledge of anti-virus solutions (e.g. Symantec, McAfee, etc.) Knowledge of incident management, disaster recovery and business continuity management Knowledge of Cryptography Knowledge of physical and environmental security Knowledge of Asset Security and Identity and Access Management One or more certifications such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer Business Continuity Plans & Disaster Recovery (BCP/DR) - Conducting business Impact Analysis, Identify controls, Develop recovery strategy, plan testing, training and user awareness, and plan review and maintenance for development of effective business continuity management solutions BE/BTech/MCA with a sound industry experience of 4 to 7 Yrs Preferred skills: Strong domain experience in a specific sector Prior Client facing experience EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Third Party Risk Management - TPRM – Senior Job purpose: Senior in the Risk Advisory team to work on various TPRM projects for our customers across the globe. You will be responsible for delivering on accounts in accordance with EY quality guidelines & methodologies. You will need to execute and coordinate on accounts and relationships on a day-to-day basis and explore new business opportunities for the firm. Establishing, strengthening and nurturing relationships with clients and internally across service lines and proactively will also be a part of your day-to-day activities. You will assist in developing new methodologies and internal initiatives, and help in creating a positive learning culture by coaching, counselling and developing junior team members. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards, by reviewing the work provided by junior members. Your client responsibilities: Provide guidance and share knowledge with team members and participate in performing procedures focusing on complex, judgmental and/or specialized issues. Maintain relationships with client management to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Understand EY and its service lines and actively assess what the firm can deliver to serve clients Assist Managers in driving the business development process on existing client engagements by gathering appropriate resources, gaining access to key contacts & assisting in proposal preparation. Assist in creating innovative insights for clients, adapt methods & practices to fit operational team needs, contribute to thought leadership documents and develop new methodologies. Facilitate discussions / knowledge sharing with key client personnel and contribute to EY thought leadership. Plan & deliver on client engagements. Provide regular status updates on engagements and work products. Demonstrate strong project management skills Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Demonstrate industry expertise (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) Review status updates and prepare management presentations/audit committee presentations etc. Actively contribute to improving operational efficiency on projects & internal initiatives. Your people responsibilities: Display teamwork and integrity. Work with team members to meet committed timelines and quality on engagements Driving the quality culture agenda at GDS Manage the performance management for the direct reportees, as per the organization policies Training and mentoring of project resources Participating in the organization-wide people initiatives Mandatory skills: Strong knowledge of information security concepts, risk and controls concepts Strong knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Strong knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts Strong knowledge of OS (Windows / Linux) security, Database security Sound familiarity with OWASP and Secure SDLC standards / frameworks Good knowledge of IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.) Good knowledge of Security architecture design and review Good experience in LAN/WAN architectures and reviews Good knowledge on Privacy, Governance and reporting Good knowledge of anti-virus solutions (e.g. Symantec, McAfee, etc.) Knowledge of incident management, disaster recovery and business continuity management Knowledge of Cryptography Knowledge of physical and environmental security Knowledge of Asset Security and Identity and Access Management One or more certifications such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer Business Continuity Plans & Disaster Recovery (BCP/DR) - Conducting business Impact Analysis, Identify controls, Develop recovery strategy, plan testing, training and user awareness, and plan review and maintenance for development of effective business continuity management solutions BE/BTech/MCA with a sound industry experience of 4 to 7 Yrs Preferred skills: Strong domain experience in a specific sector Prior Client facing experience EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Third Party Risk Management - TPRM – Senior Job purpose: Senior in the Risk Advisory team to work on various TPRM projects for our customers across the globe. You will be responsible for delivering on accounts in accordance with EY quality guidelines & methodologies. You will need to execute and coordinate on accounts and relationships on a day-to-day basis and explore new business opportunities for the firm. Establishing, strengthening and nurturing relationships with clients and internally across service lines and proactively will also be a part of your day-to-day activities. You will assist in developing new methodologies and internal initiatives, and help in creating a positive learning culture by coaching, counselling and developing junior team members. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards, by reviewing the work provided by junior members. Your client responsibilities: Provide guidance and share knowledge with team members and participate in performing procedures focusing on complex, judgmental and/or specialized issues. Maintain relationships with client management to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Understand EY and its service lines and actively assess what the firm can deliver to serve clients Assist Managers in driving the business development process on existing client engagements by gathering appropriate resources, gaining access to key contacts & assisting in proposal preparation. Assist in creating innovative insights for clients, adapt methods & practices to fit operational team needs, contribute to thought leadership documents and develop new methodologies. Facilitate discussions / knowledge sharing with key client personnel and contribute to EY thought leadership. Plan & deliver on client engagements. Provide regular status updates on engagements and work products. Demonstrate strong project management skills Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Demonstrate industry expertise (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) Review status updates and prepare management presentations/audit committee presentations etc. Actively contribute to improving operational efficiency on projects & internal initiatives. Your people responsibilities: Display teamwork and integrity. Work with team members to meet committed timelines and quality on engagements Driving the quality culture agenda at GDS Manage the performance management for the direct reportees, as per the organization policies Training and mentoring of project resources Participating in the organization-wide people initiatives Mandatory skills: Strong knowledge of information security concepts, risk and controls concepts Strong knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Strong knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts Strong knowledge of OS (Windows / Linux) security, Database security Sound familiarity with OWASP and Secure SDLC standards / frameworks Good knowledge of IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.) Good knowledge of Security architecture design and review Good experience in LAN/WAN architectures and reviews Good knowledge on Privacy, Governance and reporting Good knowledge of anti-virus solutions (e.g. Symantec, McAfee, etc.) Knowledge of incident management, disaster recovery and business continuity management Knowledge of Cryptography Knowledge of physical and environmental security Knowledge of Asset Security and Identity and Access Management One or more certifications such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer Business Continuity Plans & Disaster Recovery (BCP/DR) - Conducting business Impact Analysis, Identify controls, Develop recovery strategy, plan testing, training and user awareness, and plan review and maintenance for development of effective business continuity management solutions BE/BTech/MCA with a sound industry experience of 4 to 7 Yrs Preferred skills: Strong domain experience in a specific sector Prior Client facing experience EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Responsibilities First line review of all incoming cases to the Trust Office in Salesforce. Validate each case for accuracy and prepare for pickup. Responding to requests for information from internal sales teams regarding compliance and security matters for customers and prospects. Prepare and distribute weekly reporting from Salesforce Prepare and send Security and Trust assurance packet (STAP) to customers and prospects. Additional responsibilities and tasks as required and assigned Basic Qualifications Self-starter with excellent communication, collaborative, and presentation skills Minimum of 2 years of relevant experience in computer science, cyber security, governance risk and compliance, or related domains Experience with security control frameworks (e.g. SSAE16, ISO27001, NIST, PCI, SIG, CSA, HIPAA, HITRUST, FedRamp) Experience with Salesforce and Google workspace applications. Professional communicator in both verbal and written English Understanding of compliance and cyber security implications for business Experience with SaaS and cloud solutions environments Experience working with cross functional teams Strong analytical and communication skills Strong attention to detail, excellent organizational skills, and superior time management skills A very strong passion to learn and continuously improve A willingness to contribute to team discussions and challenge views Preferred Qualifications Degree qualified or higher in a relevant field or equivalent work experience Experience working with external customers regarding their compliance assessments and controls Independently driven, resourceful, and able to deliver results with minimal oversight; Strong sense of ownership, urgency, and drive Strong business acumen with the ability to engage with technical teams to present assessment results, risks and to participate in discussions around acceptable and compensating controls Experience working hands-on with cross-functional teams in assessing processes, risks and controls

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Third-Party Risk as a Service (TPRaaS) – Staff As part of our TPRaaS team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We’re looking for Staff with expertise in Third Party Risk Management to join the leadership group of our TPRaaS team. This is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your key responsibilities Participate in the delivery of Third-Party Risk Management (TPRM) engagements covering walkhroughs, testing, documentation and other engagement related activities . Participate in vendor calls / client interactions by providing delivery updates. Follow policies and procedures that support the successful implementation of TPRM operating models. Participate in process walkthrough discussions to assist in documenting end-to-end business processes and functional requirements. Participate in assessing the application of legal and regulatory requirements to clients TPRM practices. Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Understand the process gaps and propose preventive/corrective action where appropriate. Demonstrate a keen interest in developing knowledge of market trends, competitor activities, EY products, and service lines. Adhere strictly to fulfill project activities to achieve exceptional client service Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Conduct research and assist senior team members in preparing client presentations and information memorandums. Continuously strive towards exceeding client & team expectations and work on increasingly complex assignments. Support management in the preparation of proposals and business development materials. Bring out of the box thinking mindset and analytical thinking capability to enhance service delivery. Skills And Attributes For Success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have B.Tech (IT/Computer Science), BSc.(IT), BE, MCA, from a tier1 or tier 2 college. 1 to 4 years of demonstrated experience with Risk Management, preferably in the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting). Basic understanding of the TPRM framework, Risk Management, Information Security practices. Good to have exposure in Contract Risk Reviews. Good exposure in TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc). Basic knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc Basic knowledge of privacy regulations such as GDPR, CCPA, etc Basic knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc Basic knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you’ll also have Exposure to tools like ProcessUnity, ServiceNow, Archer. What We Look For A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. An opportunity to be a part of a market-leading, multi-disciplinary team of professionals, in the only integrated global transaction business worldwide. Opportunities to work with TPRaaS practices globally with leading businesses across a range of industries What Working At EY Offers At EY, we’re dedicated to helping our clients, from the startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching, and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Third-Party Risk as a Service (TPRaaS) – Staff As part of our TPRaaS team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We’re looking for Staff with expertise in Third Party Risk Management to join the leadership group of our TPRaaS team. This is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your key responsibilities Participate in the delivery of Third-Party Risk Management (TPRM) engagements covering walkhroughs, testing, documentation and other engagement related activities . Participate in vendor calls / client interactions by providing delivery updates. Follow policies and procedures that support the successful implementation of TPRM operating models. Participate in process walkthrough discussions to assist in documenting end-to-end business processes and functional requirements. Participate in assessing the application of legal and regulatory requirements to clients TPRM practices. Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Understand the process gaps and propose preventive/corrective action where appropriate. Demonstrate a keen interest in developing knowledge of market trends, competitor activities, EY products, and service lines. Adhere strictly to fulfill project activities to achieve exceptional client service Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Conduct research and assist senior team members in preparing client presentations and information memorandums. Continuously strive towards exceeding client & team expectations and work on increasingly complex assignments. Support management in the preparation of proposals and business development materials. Bring out of the box thinking mindset and analytical thinking capability to enhance service delivery. Skills And Attributes For Success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have B.Tech (IT/Computer Science), BSc.(IT), BE, MCA, from a tier1 or tier 2 college. 1 to 4 years of demonstrated experience with Risk Management, preferably in the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting). Basic understanding of the TPRM framework, Risk Management, Information Security practices. Good to have exposure in Contract Risk Reviews. Good exposure in TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc). Basic knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc Basic knowledge of privacy regulations such as GDPR, CCPA, etc Basic knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc Basic knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you’ll also have Exposure to tools like ProcessUnity, ServiceNow, Archer. What We Look For A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. An opportunity to be a part of a market-leading, multi-disciplinary team of professionals, in the only integrated global transaction business worldwide. Opportunities to work with TPRaaS practices globally with leading businesses across a range of industries What Working At EY Offers At EY, we’re dedicated to helping our clients, from the startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching, and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Lead internal/external security audits (HITRUST, ISO27001, SOC2) collect evidence, map controls, Maintain compliance docs, risk registers, track remediation. Coordinate cross-functional teams, review policies, assess vendors.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Third-Party Risk as a Service (TPRaaS) – Staff As part of our TPRaaS team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We’re looking for Staff with expertise in Third Party Risk Management to join the leadership group of our TPRaaS team. This is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your key responsibilities Participate in the delivery of Third-Party Risk Management (TPRM) engagements covering walkhroughs, testing, documentation and other engagement related activities . Participate in vendor calls / client interactions by providing delivery updates. Follow policies and procedures that support the successful implementation of TPRM operating models. Participate in process walkthrough discussions to assist in documenting end-to-end business processes and functional requirements. Participate in assessing the application of legal and regulatory requirements to clients TPRM practices. Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Understand the process gaps and propose preventive/corrective action where appropriate. Demonstrate a keen interest in developing knowledge of market trends, competitor activities, EY products, and service lines. Adhere strictly to fulfill project activities to achieve exceptional client service Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Conduct research and assist senior team members in preparing client presentations and information memorandums. Continuously strive towards exceeding client & team expectations and work on increasingly complex assignments. Support management in the preparation of proposals and business development materials. Bring out of the box thinking mindset and analytical thinking capability to enhance service delivery. Skills And Attributes For Success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have B.Tech (IT/Computer Science), BSc.(IT), BE, MCA, from a tier1 or tier 2 college. 1 to 4 years of demonstrated experience with Risk Management, preferably in the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting). Basic understanding of the TPRM framework, Risk Management, Information Security practices. Good to have exposure in Contract Risk Reviews. Good exposure in TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc). Basic knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc Basic knowledge of privacy regulations such as GDPR, CCPA, etc Basic knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc Basic knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you’ll also have Exposure to tools like ProcessUnity, ServiceNow, Archer. What We Look For A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. An opportunity to be a part of a market-leading, multi-disciplinary team of professionals, in the only integrated global transaction business worldwide. Opportunities to work with TPRaaS practices globally with leading businesses across a range of industries What Working At EY Offers At EY, we’re dedicated to helping our clients, from the startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching, and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.