552 Hitrust Jobs - Page 8

About the client: Our Client is a global technology company, home to more than 220,000 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. Experience: 6-12 years Mode of working: Hybrid (3 Days from Office) Location: Bengaluru / Noida / Pune Roles and Responsibilities: Lead and Manage Secure Design review and Thread modelling for Applications ( On premise and SaaS based Applications) Develop and implement comprehensive security strategies to safeguard application systems. Define security best practices and standards and Lead Secure Software Development Lifecycle best practices and standards. Oversee security incident response and mitigation efforts, ensuring quick and efficient handling of security breaches or threats. Conduct regular penetration testing, Red team exercise, security assessments and audits to identify vulnerabilities and implement corrective measures. Collaborate with application stakeholders to develop security roadmaps and participate in daily stand-ups to align security initiatives with organizational goals. Foster a culture of continuous improvement in Application security including Development,Supply chain security and AI/ML Experience in managing Business Continuity and Crisis management Staying up-to-date on the latest Application security technologies, trends, and best practices. A strong understanding of cloud computing technologies, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Knowledge of security frameworks such as SANS,OWASP, NIST and ISO Framework. Certifications such as Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), or Certified Cloud Architect (CCA) are preferred. Extensive knowledge and experience with developing Cloud Security Frameworks using industry best practices such as those from the Cloud Security Alliance (CSA) and NIST CSF and regulatory requirements such as HIPAA, HITrust and PCI or closely related. Understanding of industry regulatory and compliance requirements (i.e., FedRAMP, PCI-DSS, NIST, HIPAA) and skilled at interpreting the compliance and security requirements into implementable and repeatable controls Skills and Qualifications: Threat Modelling - STRIDE Proficiency in reading, writing, and auditing code and the ability to learn new languages/technologies including but not limited to - C#,.Net,.Net Core, Python,NodeJS,Javascript,VueJS. Experience with OWASP Top10 or SANS Top 25 Knowledge of OAuth 2.0/OpenID Connect/ Cryptography Knowledge of Responsible AI and ML Security. Knowledge of Supply chain, Secure build and Container platform security. Knowledge of Pen Testing and Vulnerability assessment platform Knowledge of SAST/DAST/Open Source/Code quality/Code Smell management tools AWS,Azure and GCP Native Security service awareness

Sr Cyber Governance Analyst Job Summary Provide professional expertise and advise IT and senior leadership in matters relating to technology-related compliance with all applicable laws, regulations, industry standards and corporate compliance requirements. Assess changes in the regulatory, business and technology environment and recommend and implement or guide appropriate changes to IT policies, controls, and processes to address security and technology issues. Manage and coordinate IT audit activities by working with IT leaders, team members, external auditors, regulators, and other organizations that review and assess IT processes and controls. Lead and execute cybersecurity risk management activities include internal compliance and risk management activities as well as third-party vendor security oversight and response to customer security inquiries. Responsibilities Provide professional expertise and advise leadership in complying with all applicable laws, regulations, and accreditations, including Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), FedRAMP, HITRUST, ISO 27001, and EU General Data Protection Regulation (GDPR). Facilitate, oversee, and provide point of contact for all IT audits, assessments, and other reviews of processes and technology. Work with teams to coordinate schedules for activity. Work with IT teams to deliver requested evidence, documentation, conduct interviews, walk through processes, test controls, and negotiate issues. Manage and monitor development and execution of action plans by reviewing and evaluating reports for trends, working with leadership to prioritize findings, and track progress toward agreed upon timeframes. Ensure issues are appropriately documented, relevant, and understood. Perform IT risk and controls assurance assessments of internal and third-party technology-related processes and solutions, working with IT leaders, security architects, Procurement, and other subject matter experts. Perform recurring assessments of information security and technology functions to measure maturity against industry standard baselines, identifying improvement areas, registering risks, and assisting with action plans to move processes to a higher level of maturity. Develop and maintain operational metrics to ensure information security and technology risk and the performance of the IT risk and compliance program is measured sufficiently to enable success. Mentor and coach team members through risk assessments, including scoping of an assessment, resolving conflict, and prioritization of issues. Perform peer review of work product and deliverables. Continuously look to optimize processes, technology and capabilities through tactical and strategic development. Other duties as assigned. Knowledge And Skills Strong analytical skills; Demonstration of ability to solve problems using best practices and systematic approach Relationship builder; able to create and maintain a trusted network on all levels; Good communication, influencing and negotiating skills; Written and oral communication skills including the ability to communicate complex technical issues to non-technical staff; Project management and organizational skills; Tactful and diplomatic when engaging with all levels of management always maintaining a professional demeanor. Required Experience 5-8 years direct experience with information security, IT controls assurance and IT audit facilitation Working knowledge of industry standards such as NIST Cybersecurity Framework, FedRAMP, NIST SP 800-53, ISO 27001, Sarbanes-Oxley, SOC1, SOC2, HIPAA, HITRUST and other similar frameworks. Preferred Experience Experience in cloud-based environments for production applications, including Amazon Web Services, Microsoft Azure, GCP or other large-scale cloud deployment. Understanding of attack vectors and methodologies. Ability to weigh business risks and enforce appropriate information security measures. CISSP, CISM, CISA, CCSA or equivalent certification preferred. Proficient in the use of Microsoft Office (Excel and PowerPoint), Power BI and Power Automate. GHX: It's the way you do business in healthcare Global Healthcare Exchange (GHX) enables better patient care and billions in savings for the healthcare community by maximizing automation, efficiency and accuracy of business processes. GHX is a healthcare business and data automation company, empowering healthcare organizations to enable better patient care and maximize industry savings using our world class cloud-based supply chain technology exchange platform, solutions, analytics and services. We bring together healthcare providers and manufacturers and distributors in North America and Europe - who rely on smart, secure healthcare-focused technology and comprehensive data to automate their business processes and make more informed decisions. It is our passion and vision for a more operationally efficient healthcare supply chain, helping organizations reduce - not shift - the cost of doing business, paving the way to delivering patient care more effectively. Together we take more than a billion dollars out of the cost of delivering healthcare every year. GHX is privately owned, operates in the United States, Canada and Europe, and employs more than 1000 people worldwide. Our corporate headquarters is in Colorado, with additional offices in Europe. Disclaimer Global Healthcare Exchange, LLC and its North American subsidiaries (collectively, “GHX”) provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. All qualified applicants will receive consideration for employment without regard to any status protected by applicable law. This EEO policy applies to all terms, conditions, and privileges of employment, including hiring, training and development, promotion, transfer, compensation, benefits, educational assistance, termination, layoffs, social and recreational programs, and retirement. GHX believes that employees should be provided with a working environment which enables each employee to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. GHX expects and requires the cooperation of all employees in maintaining a discrimination and harassment-free atmosphere. Improper interference with the ability of GHX’s employees to perform their expected job duties is absolutely not tolerated.

Line of Service Advisory Industry/Sector Not Applicable Specialism Risk Management Level Associate Job Description & Summary At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. Those in internal audit at PwC help build, optimise and deliver end-to-end internal audit services to clients in all industries. This includes IA function setup and transformation, co-sourcing, outsourcing and managed services, using AI and other risk technology and delivery models. IA capabilities are combined with other industry and technical expertise, in areas like cyber, forensics and compliance, to address the full spectrum of risks. This helps organisations to harness the power of IA to help the organisation protect value and navigate disruption, and obtain confidence to take risks to power growth. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " JOB DESCRIPTION ITGC Reviews, IT Internal Audits, Controls Testing, Compliance Reviews, ISO 27001 Reviews, HIPAA/ HITRUST Reviews Location: Mumbai Department: Risk Consulting Purpose of the Job /Role Perform IT Assessment Reviews which includes IT General Controls, Internal Audits, Controls Testing, Compliance Reviews (such as ISO 27001, HIPAA, HITRUST etc.) Responsibilities Strong understanding of IT General Controls domains such as Change Management ,User Access Management, IT Operations, Back and Recovery Management etc Strong understanding of the third-party risk management Implementation and assessment knowledge of various industry standards, frameworks, and compliances such as ISO 27001, HIPAA, HITRUST, ISO 22301, ISO 27701 etc Understanding of the IT Risk Assessment methodologies and ability to comprehend and apply the knowledge during IT assessment lifecycle Interview client stakeholders and conducts walkthrough meetings and develop assessment artifacts Should understand complete assessment lifecycle from assessment scoping to project deliverables Great communication skills and the ability to break down and explain complex data security problems Excellent presentation skills and ability to effectively communicate proposals and point of view at senior management levels. Mandatory Skill Sets ITGC Preferred Skill Sets ITAC Years Of Experience Required 2 years Education Qualification: BE/ BTech Postgraduates in any stream would be preferred (not mandatory) Prior Big 4 experience would be an added advantage Experience in IT Risk Advisory/ Assurance for varied industry segments preferred Excellent communication skills - both written and oral Certifications: CIA/CISA/CISM will be added advantageB.Tech/MBA Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Master of Business Administration, Bachelor of Technology Degrees/Field Of Study Preferred Certifications (if blank, certifications not specified) Required Skills ITGC Optional Skills Accepting Feedback, Accepting Feedback, Accounting and Financial Reporting Standards, Active Listening, Artificial Intelligence (AI) Platform, Auditing, Auditing Methodologies, Business Process Improvement, Communication, Compliance Auditing, Corporate Governance, Data Analysis and Interpretation, Data Ingestion, Data Modeling, Data Quality, Data Security, Data Transformation, Data Visualization, Emotional Regulation, Empathy, Financial Accounting, Financial Audit, Financial Reporting, Financial Statement Analysis, Generally Accepted Accounting Principles (GAAP) {+ 19 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date

NationsBenefits is the leading provider of supplemental benefits, flex cards, and member engagement solutions that partners with managed care organizations to provide innovative healthcare solutions designed to drive growth, improve outcomes, reduce costs, and delight members. Our comprehensive suite of innovative supplemental benefits, payments platform, and member engagement solutions help health plans deliver high-quality benefits to their members, addressing social determinants of health and improving member health outcomes and satisfaction. With a compliance-focused infrastructure, proprietary technology systems, and premier service delivery model, we enable our health plan partners to deliver high-quality, valuebased care to millions of members. We offer a fulfilling work environment that attracts top talent and encourages all associates to do their part in delivering premier service to internal and external customers alike. Its how were transforming the healthcare industry for the better. We provide career advancement opportunities within the organization with multiple locations in Florida, California, Pennsylvania, Tennessee, Texas, Utah, and India. You might also like to know that NationsBenefits is also recognized as one of the fastest growing companies in America. Were proud of how far weve come, and a career with us also gives you growth opportunities. Position Overview The Senior Compliance Analyst is responsible for leading the assessment, monitoring, and maintenance of the organizations internal control environment and compliance efforts related to key regulatory and industry standards, including HITRUST, SOC 2, and PCI DSS. This role will serve as a subject matter expert in audit readiness and compliance reporting, working closely with internal stakeholders, auditors, and assessors to ensure successful certification and audit outcomes. The Senior Compliance Analyst will also play a critical role in control testing, evidence gathering, and issue remediation tracking. Key Responsibilities Regulatory and Framework Compliance Oversight Serve as the internal point of contact for all matters related to HITRUST, SOC 2, and PCI DSS compliance. Coordinate and support the execution of external audits and assessments. Monitor ongoing compliance activities across departments to ensure adherence to regulatory requirements and industry frameworks. Maintain up-to-date knowledge of changes in applicable standards and regulations, proactively updating policies and controls. Internal Controls Monitoring and Testing Conduct routine internal control testing to validate design and operational effectiveness. Document findings, track remediation efforts, and escalate issues where necessary. Collaborate with control owners to ensure proper documentation, process alignment, and control maturity. Manage evidence collection and maintenance for audit readiness throughout the year. Audit Readiness and Execution Own end-to-end preparation for compliance audits including control mapping, pre-audit checks, and facilitating walkthroughs. Partner with internal teams and external auditors to manage audit logistics, request responses, and evidence delivery. Lead corrective action plans in response to audit findings. Policy and Procedure Support Assist in the development, review, and maintenance of compliance-related policies, procedures, and standard operating documents. Ensure controls and practices align with documentation and are consistently applied across the organization. Reporting and Risk Tracking Maintain dashboards and reports tracking control health, audit status, and compliance program KPIs. Support the GRC Director with compliance reporting for internal and external stakeholders. Qualifications Education Bachelors degree in information systems, Cybersecurity, Business Administration, or a related field. Masters degree or equivalent experience preferred. Experience 46 years of experience in a compliance, risk, or IT audit role. Hands-on experience supporting HITRUST, SOC 2, or PCI DSS audits. Familiarity with risk assessment, control testing, and remediation tracking processes. Certifications (Preferred) Certified Information Systems Auditor (CISA) HITRUST Certified CSF Practitioner (CCSFP) Certified in Risk and Information Systems Control (CRISC) CompTIA Security+ or similar Skills Strong knowledge of compliance frameworks and internal control principles. Excellent project management and organizational skills. Ability to communicate effectively with both technical and non-technical stakeholders. Comfortable managing multiple priorities in a fast-paced environment. Proficiency with GRC tools and audit management platforms. Key Competencies Attention to Detail: Ability to meticulously validate evidence and control execution. Analytical Skills: Identify compliance gaps and recommend practical solutions. Collaboration: Work cross-functionally to gather evidence and align processes. Accountability: Drive audit preparation and closure of compliance gaps. Adaptability: Stay current with evolving regulatory requirements and apply them effectively Show more Show less

Line of Service Advisory Industry/Sector Not Applicable Specialism Risk Management Level Manager Job Description & Summary At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. Those in internal audit at PwC help build, optimise and deliver end-to-end internal audit services to clients in all industries. This includes IA function setup and transformation, co-sourcing, outsourcing and managed services, using AI and other risk technology and delivery models. IA capabilities are combined with other industry and technical expertise, in areas like cyber, forensics and compliance, to address the full spectrum of risks. This helps organisations to harness the power of IA to help the organisation protect value and navigate disruption, and obtain confidence to take risks to power growth. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firms growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " JOB DESCRIPTION ITGC Reviews, IT Internal Audits, Controls Testing, Compliance Reviews, ISO 27001 Reviews, HIPAA/ HITRUST Reviews Location: Mumbai Department: Risk Consulting Purpose of the Job /Role Perform IT Assessment Reviews which includes IT General Controls, Internal Audits, Controls Testing, Compliance Reviews (such as ISO 27001, HIPAA, HITRUST etc.) Responsibilities Strong understanding of IT General Controls domains such as Change Management ,User Access Management, IT Operations, Back and Recovery Management etc Strong understanding of the third-party risk management Implementation and assessment knowledge of various industry standards, frameworks, and compliances such as ISO 27001, HIPAA, HITRUST, ISO 22301, ISO 27701 etc Understanding of the IT Risk Assessment methodologies and ability to comprehend and apply the knowledge during IT assessment lifecycle Interview client stakeholders and conducts walkthrough meetings and develop assessment artifacts Should understand complete assessment lifecycle from assessment scoping to project deliverables Great communication skills and the ability to break down and explain complex data security problems Excellent presentation skills and ability to effectively communicate proposals and point of view at senior management levels. Mandatory Skill Sets ITGC Preferred Skill Sets ITAC Years Of Experience Required 4 years Education Qualification: BE/ BTech Postgraduates in any stream would be preferred (not mandatory) Prior Big 4 experience would be an added advantage Experience in IT Risk Advisory/ Assurance for varied industry segments preferred Excellent communication skills - both written and oral Certifications: CIA/CISA/CISM will be added advantageB.Tech/MBA Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Technology, Master of Business Administration Degrees/Field Of Study Preferred Certifications (if blank, certifications not specified) Required Skills ITGC Optional Skills Accepting Feedback, Accepting Feedback, Accounting and Financial Reporting Standards, Active Listening, Analytical Thinking, Artificial Intelligence (AI) Platform, Auditing, Auditing Methodologies, Business Process Improvement, Coaching and Feedback, Communication, Compliance Auditing, Corporate Governance, Creativity, Data Analysis and Interpretation, Data Ingestion, Data Modeling, Data Quality, Data Security, Data Transformation, Data Visualization, Embracing Change, Emotional Regulation, Empathy, Financial Accounting + 29 more Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship No Government Clearance Required No Job Posting End Date Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Third-Party Risk as a Service - TPRaaS – Senior As part of our EY- NFS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We’re looking for Seniors with expertise in Third-Party Risk Management to join the leadership group of our TPRaaS team. It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your Key Responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Assist / Mentor team members in vendor calls / client interactions by providing delivery updates. Perform Quality Checks on work products before delivering it to the end clients. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to Identifying opportunities to improve engagement profitability. Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within GMS Services and with other services across the organization. Skills And Attributes For Success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you’ll also have Project Management skills. Exposure to tools like ProcessUnity, ServiceNow, Archer. What We Look For A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. Actively tracks and communicates engagement performance and planning to EY engagement management, ensuring project milestones remain on track and are completed timely. Actively mentors and trains team members on Third-Party Risk Management processes, governance, and frameworks. Works cross-functionally with team members to support and drive a collaborative team environment. Creates and design effective presentations as a means for communicating project and deliverable progress to clients. Performs sophisticated data analyses to understand client s business and identify risk Executes advanced services and supervise staff in delivering essential services. Understands client s business environment and basic risk management approaches Actively participates in decision making with engagement management and seek to understand the broader impact of current decisions. Actively contributes to improving operational efficiency on projects & internal initiatives. What Working At EY Offers At EY, we’re dedicated to helping our clients, from the startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching, and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Third-Party Risk as a Service - TPRaaS – Senior As part of our EY- NFS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We’re looking for Seniors with expertise in Third-Party Risk Management to join the leadership group of our TPRaaS team. It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your Key Responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Assist / Mentor team members in vendor calls / client interactions by providing delivery updates. Perform Quality Checks on work products before delivering it to the end clients. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to Identifying opportunities to improve engagement profitability. Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within GMS Services and with other services across the organization. Skills And Attributes For Success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you’ll also have Project Management skills. Exposure to tools like ProcessUnity, ServiceNow, Archer. What We Look For A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. Actively tracks and communicates engagement performance and planning to EY engagement management, ensuring project milestones remain on track and are completed timely. Actively mentors and trains team members on Third-Party Risk Management processes, governance, and frameworks. Works cross-functionally with team members to support and drive a collaborative team environment. Creates and design effective presentations as a means for communicating project and deliverable progress to clients. Performs sophisticated data analyses to understand client s business and identify risk Executes advanced services and supervise staff in delivering essential services. Understands client s business environment and basic risk management approaches Actively participates in decision making with engagement management and seek to understand the broader impact of current decisions. Actively contributes to improving operational efficiency on projects & internal initiatives. What Working At EY Offers At EY, we’re dedicated to helping our clients, from the startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching, and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Line of Service Advisory Industry/Sector Not Applicable Specialism Risk Management Level Associate Job Description & Summary At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. Those in internal audit at PwC help build, optimise and deliver end-to-end internal audit services to clients in all industries. This includes IA function setup and transformation, co-sourcing, outsourcing and managed services, using AI and other risk technology and delivery models. IA capabilities are combined with other industry and technical expertise, in areas like cyber, forensics and compliance, to address the full spectrum of risks. This helps organisations to harness the power of IA to help the organisation protect value and navigate disruption, and obtain confidence to take risks to power growth. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firms growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. Job Description & Summary: ITGC Reviews, IT Internal Audits, Controls Testing, Compliance Reviews, ISO 27001 Reviews, HIPAA/ HITRUST Reviews Perform IT Assessment Reviews which includes IT General Controls, Internal Audits, Controls Testing, Compliance Reviews (such as ISO 27001, HIPAA, HITRUST etc.) Responsibilities: Strong understanding of IT General Controls domains such as Change Management, User Access Management, IT Operations, Back and Recovery Management etc Strong understanding of the third-party risk management Implementation and assessment knowledge of various industry standards, frameworks, and compliances such as ISO 27001, HIPAA, HITRUST, ISO 22301, ISO 27701 etc Understanding of the IT Risk Assessment methodologies and ability to comprehend and apply the knowledge during IT assessment lifecycle Interview client stakeholders and conducts walkthrough meetings and develop assessment artifacts Should understand complete assessment lifecycle from assessment scoping to project deliverables Great communication skills and the ability to break down and explain complex data security problems Excellent presentation skills and ability to effectively communicate proposals and point of view at senior management levels Education: Minimum Qualification: BE/ BTech/MBA/Mtech/MCA Postgraduates in any stream would be preferred (not mandatory) Prior Big 4 experience would be an added advantage Experience in IT Risk Advisory/ Assurance for varied industry segments preferred Excellent communication skills - both written and oral Certifications: CIA/CISA/CISM will be added advantage Mandatory Skill Sets : ITGC Reviews, IT Internal Audits, Controls Testing, Compliance Reviews, ISO 27001 Reviews, HIPAA/ HITRUST Reviews Preferred Skill Sets: ISO 27001 Reviews, HIPAA/ HITRUST Reviews Years Of Experience Required: 2-8 years Education Qualification: BE, B.tech, ME, M.tech, MCA, MBA, Mcom, CA, CS Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Engineering, Master of Engineering, Bachelor of Technology, Master Degree Degrees/Field Of Study Preferred: Certifications (if blank, certifications not specified) Required Skills Information Technology General Controls (ITGC) Optional Skills Accepting Feedback, Accepting Feedback, Accounting and Financial Reporting Standards, Active Listening, Artificial Intelligence (AI) Platform, Auditing, Auditing Methodologies, Business Process Improvement, Communication, Compliance Auditing, Corporate Governance, Data Analysis and Interpretation, Data Ingestion, Data Modeling, Data Quality, Data Security, Data Transformation, Data Visualization, Emotional Regulation, Empathy, Financial Accounting, Financial Audit, Financial Reporting, Financial Statement Analysis, Generally Accepted Accounting Principles (GAAP) + 19 more Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship No Government Clearance Required No Job Posting End Date Show more Show less

Line of Service Advisory Industry/Sector Not Applicable Specialism Risk Management Level Associate Job Description & Summary At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. Those in internal audit at PwC help build, optimise and deliver end-to-end internal audit services to clients in all industries. This includes IA function setup and transformation, co-sourcing, outsourcing and managed services, using AI and other risk technology and delivery models. IA capabilities are combined with other industry and technical expertise, in areas like cyber, forensics and compliance, to address the full spectrum of risks. This helps organisations to harness the power of IA to help the organisation protect value and navigate disruption, and obtain confidence to take risks to power growth. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firms growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " JOB DESCRIPTION ITGC Reviews, IT Internal Audits, Controls Testing, Compliance Reviews, ISO 27001 Reviews, HIPAA/ HITRUST Reviews Location: Mumbai Department: Risk Consulting Purpose of the Job /Role Perform IT Assessment Reviews which includes IT General Controls, Internal Audits, Controls Testing, Compliance Reviews (such as ISO 27001, HIPAA, HITRUST etc.) Responsibilities Strong understanding of IT General Controls domains such as Change Management ,User Access Management, IT Operations, Back and Recovery Management etc Strong understanding of the third-party risk management Implementation and assessment knowledge of various industry standards, frameworks, and compliances such as ISO 27001, HIPAA, HITRUST, ISO 22301, ISO 27701 etc Understanding of the IT Risk Assessment methodologies and ability to comprehend and apply the knowledge during IT assessment lifecycle Interview client stakeholders and conducts walkthrough meetings and develop assessment artifacts Should understand complete assessment lifecycle from assessment scoping to project deliverables Great communication skills and the ability to break down and explain complex data security problems Excellent presentation skills and ability to effectively communicate proposals and point of view at senior management levels. Mandatory Skill Sets ITGC Preferred Skill Sets ITAC Years Of Experience Required 4 years Education Qualification: BE/ BTech Postgraduates in any stream would be preferred (not mandatory) Prior Big 4 experience would be an added advantage Experience in IT Risk Advisory/ Assurance for varied industry segments preferred Excellent communication skills - both written and oral Certifications: CIA/CISA/CISM will be added advantageB.Tech/MBA Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Technology, Master of Business Administration Degrees/Field Of Study Preferred Certifications (if blank, certifications not specified) Required Skills ITGC Optional Skills Accepting Feedback, Accepting Feedback, Accounting and Financial Reporting Standards, Active Listening, Artificial Intelligence (AI) Platform, Auditing, Auditing Methodologies, Business Process Improvement, Communication, Compliance Auditing, Corporate Governance, Data Analysis and Interpretation, Data Ingestion, Data Modeling, Data Quality, Data Security, Data Transformation, Data Visualization, Emotional Regulation, Empathy, Financial Accounting, Financial Audit, Financial Reporting, Financial Statement Analysis, Generally Accepted Accounting Principles (GAAP) + 19 more Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship No Government Clearance Required No Job Posting End Date Show more Show less

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Data Protection And Privacy – Technology Consulting – Manager/Architect As part of our EY Data Protection & Privacy Technology Consulting team, you would develop, deliver and lead cybersecurity and IT risk client engagements as well as internal projects, across the globe. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY and GDS within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior management. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards. You’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Manager with expertise in Data / Information Protection & Privacy, risk and controls concepts. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Help the firm identify opportunities and develop business across the globe Demonstrated consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.) Ensure delivery of quality client services. Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Stay abreast of current business and industry trends relevant to our clients Establish relationships with client personnel at appropriate levels Demonstrate capability to manage client expectations Build strong internal relationships within EY Consulting Services and with other services across the organization Demonstrate in-depth technical capabilities and professional knowledge. Demonstrate ability to assimilate to new knowledge Possess good business acumen. Remain current on new developments in advisory services capabilities and industry knowledge Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations Contribute to people-related initiatives, including development, coaching, recruiting, training and retaining staff Maintain an educational program to continually develop personal skills of staff Understand and follow workplace policies and procedures Foster teamwork and lead by example Skills And Attributes For Success (Must Have) Hands-on experience of more than 10 years of with key components of Cyber Security including (but not limited to): Proficiency in cybersecurity principles, zero trust architecture, network design, security protocols, risk management, and security technologies Experience in Defining Data Security Strategy and DSPM Information Security concepts related to Governance, Risk & Compliance MS Purview DLP, Data Classification/CASB Skills And Attributes For Success (Good To Have) Encryption, Tokenization, PKI, CLM Technology support and Event Handling Experience of Administration of the DLP, CLASSIFICATION, CASB, DAM tools which includes configuring policies, upgrading and patching for leading vendors. (MS Purview, McAfee/Symantec/ Forcepoint, Netskope, IBM, Vormetric, Venafi, MS PKI etc.) Regulations/standards such as ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, CCPA Extend required support for any reported data protection and privacy incidents such as information breaches and leakages. Ability to guide teams through the design and implementation of Data security solutions that reduce vulnerability, strengthen controls and optimize organizational efficiency In depth knowledge of general security concepts, such as defense-in-depth, least privilege, security architecture and design, etc. Develops budget, scope and staffing recommendations based on understanding of client budget and project economics Experience of managing a large team to deliver Cyber services on its own or within large complex projects Review of Data Protection & Privacy engagements during different phases of the lifecycle – assess, design, and implementation Develop strategic and tactical Data security remediation recommendations / cyber risk roadmap to address identified security gaps To qualify for the role, you must have BE - B. Tech / MCA / M. Tech / MBA with background in computer science and programming More than 10 Years of relevant experience Strong Excel and PowerPoint skills Excellent analytical skills and knowledge of data analytics methods Demonstrated leadership abilities Excellent interpersonal, written, verbal, communication, and presentation skills Ideally, you’ll also have Project management skills. CISSP, CISA, CISM, CEH, CIPPE/M, Technical (Vendor) Certifications. What We Look For A team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around. Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Data Protection And Privacy – Technology Consulting – Manager/Architect As part of our EY Data Protection & Privacy Technology Consulting team, you would develop, deliver and lead cybersecurity and IT risk client engagements as well as internal projects, across the globe. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY and GDS within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior management. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards. You’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Manager with expertise in Data / Information Protection & Privacy, risk and controls concepts. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Help the firm identify opportunities and develop business across the globe Demonstrated consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.) Ensure delivery of quality client services. Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Stay abreast of current business and industry trends relevant to our clients Establish relationships with client personnel at appropriate levels Demonstrate capability to manage client expectations Build strong internal relationships within EY Consulting Services and with other services across the organization Demonstrate in-depth technical capabilities and professional knowledge. Demonstrate ability to assimilate to new knowledge Possess good business acumen. Remain current on new developments in advisory services capabilities and industry knowledge Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations Contribute to people-related initiatives, including development, coaching, recruiting, training and retaining staff Maintain an educational program to continually develop personal skills of staff Understand and follow workplace policies and procedures Foster teamwork and lead by example Skills And Attributes For Success (Must Have) Hands-on experience of more than 10 years of with key components of Cyber Security including (but not limited to): Proficiency in cybersecurity principles, zero trust architecture, network design, security protocols, risk management, and security technologies Experience in Defining Data Security Strategy and DSPM Information Security concepts related to Governance, Risk & Compliance MS Purview DLP, Data Classification/CASB Skills And Attributes For Success (Good To Have) Encryption, Tokenization, PKI, CLM Technology support and Event Handling Experience of Administration of the DLP, CLASSIFICATION, CASB, DAM tools which includes configuring policies, upgrading and patching for leading vendors. (MS Purview, McAfee/Symantec/ Forcepoint, Netskope, IBM, Vormetric, Venafi, MS PKI etc.) Regulations/standards such as ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, CCPA Extend required support for any reported data protection and privacy incidents such as information breaches and leakages. Ability to guide teams through the design and implementation of Data security solutions that reduce vulnerability, strengthen controls and optimize organizational efficiency In depth knowledge of general security concepts, such as defense-in-depth, least privilege, security architecture and design, etc. Develops budget, scope and staffing recommendations based on understanding of client budget and project economics Experience of managing a large team to deliver Cyber services on its own or within large complex projects Review of Data Protection & Privacy engagements during different phases of the lifecycle – assess, design, and implementation Develop strategic and tactical Data security remediation recommendations / cyber risk roadmap to address identified security gaps To qualify for the role, you must have BE - B. Tech / MCA / M. Tech / MBA with background in computer science and programming More than 10 Years of relevant experience Strong Excel and PowerPoint skills Excellent analytical skills and knowledge of data analytics methods Demonstrated leadership abilities Excellent interpersonal, written, verbal, communication, and presentation skills Ideally, you’ll also have Project management skills. CISSP, CISA, CISM, CEH, CIPPE/M, Technical (Vendor) Certifications. What We Look For A team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around. Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Data Protection And Privacy – Technology Consulting – Manager/Architect As part of our EY Data Protection & Privacy Technology Consulting team, you would develop, deliver and lead cybersecurity and IT risk client engagements as well as internal projects, across the globe. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY and GDS within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior management. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards. You’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Manager with expertise in Data / Information Protection & Privacy, risk and controls concepts. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Help the firm identify opportunities and develop business across the globe Demonstrated consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.) Ensure delivery of quality client services. Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Stay abreast of current business and industry trends relevant to our clients Establish relationships with client personnel at appropriate levels Demonstrate capability to manage client expectations Build strong internal relationships within EY Consulting Services and with other services across the organization Demonstrate in-depth technical capabilities and professional knowledge. Demonstrate ability to assimilate to new knowledge Possess good business acumen. Remain current on new developments in advisory services capabilities and industry knowledge Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations Contribute to people-related initiatives, including development, coaching, recruiting, training and retaining staff Maintain an educational program to continually develop personal skills of staff Understand and follow workplace policies and procedures Foster teamwork and lead by example Skills And Attributes For Success (Must Have) Hands-on experience of more than 10 years of with key components of Cyber Security including (but not limited to): Proficiency in cybersecurity principles, zero trust architecture, network design, security protocols, risk management, and security technologies Experience in Defining Data Security Strategy and DSPM Information Security concepts related to Governance, Risk & Compliance MS Purview DLP, Data Classification/CASB Skills And Attributes For Success (Good To Have) Encryption, Tokenization, PKI, CLM Technology support and Event Handling Experience of Administration of the DLP, CLASSIFICATION, CASB, DAM tools which includes configuring policies, upgrading and patching for leading vendors. (MS Purview, McAfee/Symantec/ Forcepoint, Netskope, IBM, Vormetric, Venafi, MS PKI etc.) Regulations/standards such as ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, CCPA Extend required support for any reported data protection and privacy incidents such as information breaches and leakages. Ability to guide teams through the design and implementation of Data security solutions that reduce vulnerability, strengthen controls and optimize organizational efficiency In depth knowledge of general security concepts, such as defense-in-depth, least privilege, security architecture and design, etc. Develops budget, scope and staffing recommendations based on understanding of client budget and project economics Experience of managing a large team to deliver Cyber services on its own or within large complex projects Review of Data Protection & Privacy engagements during different phases of the lifecycle – assess, design, and implementation Develop strategic and tactical Data security remediation recommendations / cyber risk roadmap to address identified security gaps To qualify for the role, you must have BE - B. Tech / MCA / M. Tech / MBA with background in computer science and programming More than 10 Years of relevant experience Strong Excel and PowerPoint skills Excellent analytical skills and knowledge of data analytics methods Demonstrated leadership abilities Excellent interpersonal, written, verbal, communication, and presentation skills Ideally, you’ll also have Project management skills. CISSP, CISA, CISM, CEH, CIPPE/M, Technical (Vendor) Certifications. What We Look For A team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around. Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Data Protection And Privacy – Technology Consulting – Manager/Architect As part of our EY Data Protection & Privacy Technology Consulting team, you would develop, deliver and lead cybersecurity and IT risk client engagements as well as internal projects, across the globe. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY and GDS within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior management. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards. You’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Manager with expertise in Data / Information Protection & Privacy, risk and controls concepts. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Help the firm identify opportunities and develop business across the globe Demonstrated consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.) Ensure delivery of quality client services. Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Stay abreast of current business and industry trends relevant to our clients Establish relationships with client personnel at appropriate levels Demonstrate capability to manage client expectations Build strong internal relationships within EY Consulting Services and with other services across the organization Demonstrate in-depth technical capabilities and professional knowledge. Demonstrate ability to assimilate to new knowledge Possess good business acumen. Remain current on new developments in advisory services capabilities and industry knowledge Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations Contribute to people-related initiatives, including development, coaching, recruiting, training and retaining staff Maintain an educational program to continually develop personal skills of staff Understand and follow workplace policies and procedures Foster teamwork and lead by example Skills And Attributes For Success (Must Have) Hands-on experience of more than 10 years of with key components of Cyber Security including (but not limited to): Proficiency in cybersecurity principles, zero trust architecture, network design, security protocols, risk management, and security technologies Experience in Defining Data Security Strategy and DSPM Information Security concepts related to Governance, Risk & Compliance MS Purview DLP, Data Classification/CASB Skills And Attributes For Success (Good To Have) Encryption, Tokenization, PKI, CLM Technology support and Event Handling Experience of Administration of the DLP, CLASSIFICATION, CASB, DAM tools which includes configuring policies, upgrading and patching for leading vendors. (MS Purview, McAfee/Symantec/ Forcepoint, Netskope, IBM, Vormetric, Venafi, MS PKI etc.) Regulations/standards such as ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, CCPA Extend required support for any reported data protection and privacy incidents such as information breaches and leakages. Ability to guide teams through the design and implementation of Data security solutions that reduce vulnerability, strengthen controls and optimize organizational efficiency In depth knowledge of general security concepts, such as defense-in-depth, least privilege, security architecture and design, etc. Develops budget, scope and staffing recommendations based on understanding of client budget and project economics Experience of managing a large team to deliver Cyber services on its own or within large complex projects Review of Data Protection & Privacy engagements during different phases of the lifecycle – assess, design, and implementation Develop strategic and tactical Data security remediation recommendations / cyber risk roadmap to address identified security gaps To qualify for the role, you must have BE - B. Tech / MCA / M. Tech / MBA with background in computer science and programming More than 10 Years of relevant experience Strong Excel and PowerPoint skills Excellent analytical skills and knowledge of data analytics methods Demonstrated leadership abilities Excellent interpersonal, written, verbal, communication, and presentation skills Ideally, you’ll also have Project management skills. CISSP, CISA, CISM, CEH, CIPPE/M, Technical (Vendor) Certifications. What We Look For A team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around. Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Data Protection And Privacy – Technology Consulting – Manager/Architect As part of our EY Data Protection & Privacy Technology Consulting team, you would develop, deliver and lead cybersecurity and IT risk client engagements as well as internal projects, across the globe. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY and GDS within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior management. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards. You’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Manager with expertise in Data / Information Protection & Privacy, risk and controls concepts. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Help the firm identify opportunities and develop business across the globe Demonstrated consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.) Ensure delivery of quality client services. Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Stay abreast of current business and industry trends relevant to our clients Establish relationships with client personnel at appropriate levels Demonstrate capability to manage client expectations Build strong internal relationships within EY Consulting Services and with other services across the organization Demonstrate in-depth technical capabilities and professional knowledge. Demonstrate ability to assimilate to new knowledge Possess good business acumen. Remain current on new developments in advisory services capabilities and industry knowledge Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations Contribute to people-related initiatives, including development, coaching, recruiting, training and retaining staff Maintain an educational program to continually develop personal skills of staff Understand and follow workplace policies and procedures Foster teamwork and lead by example Skills And Attributes For Success (Must Have) Hands-on experience of more than 10 years of with key components of Cyber Security including (but not limited to): Proficiency in cybersecurity principles, zero trust architecture, network design, security protocols, risk management, and security technologies Experience in Defining Data Security Strategy and DSPM Information Security concepts related to Governance, Risk & Compliance MS Purview DLP, Data Classification/CASB Skills And Attributes For Success (Good To Have) Encryption, Tokenization, PKI, CLM Technology support and Event Handling Experience of Administration of the DLP, CLASSIFICATION, CASB, DAM tools which includes configuring policies, upgrading and patching for leading vendors. (MS Purview, McAfee/Symantec/ Forcepoint, Netskope, IBM, Vormetric, Venafi, MS PKI etc.) Regulations/standards such as ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, CCPA Extend required support for any reported data protection and privacy incidents such as information breaches and leakages. Ability to guide teams through the design and implementation of Data security solutions that reduce vulnerability, strengthen controls and optimize organizational efficiency In depth knowledge of general security concepts, such as defense-in-depth, least privilege, security architecture and design, etc. Develops budget, scope and staffing recommendations based on understanding of client budget and project economics Experience of managing a large team to deliver Cyber services on its own or within large complex projects Review of Data Protection & Privacy engagements during different phases of the lifecycle – assess, design, and implementation Develop strategic and tactical Data security remediation recommendations / cyber risk roadmap to address identified security gaps To qualify for the role, you must have BE - B. Tech / MCA / M. Tech / MBA with background in computer science and programming More than 10 Years of relevant experience Strong Excel and PowerPoint skills Excellent analytical skills and knowledge of data analytics methods Demonstrated leadership abilities Excellent interpersonal, written, verbal, communication, and presentation skills Ideally, you’ll also have Project management skills. CISSP, CISA, CISM, CEH, CIPPE/M, Technical (Vendor) Certifications. What We Look For A team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around. Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Data Protection And Privacy – Technology Consulting – Manager/Architect As part of our EY Data Protection & Privacy Technology Consulting team, you would develop, deliver and lead cybersecurity and IT risk client engagements as well as internal projects, across the globe. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY and GDS within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior management. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards. You’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Manager with expertise in Data / Information Protection & Privacy, risk and controls concepts. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Help the firm identify opportunities and develop business across the globe Demonstrated consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.) Ensure delivery of quality client services. Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Stay abreast of current business and industry trends relevant to our clients Establish relationships with client personnel at appropriate levels Demonstrate capability to manage client expectations Build strong internal relationships within EY Consulting Services and with other services across the organization Demonstrate in-depth technical capabilities and professional knowledge. Demonstrate ability to assimilate to new knowledge Possess good business acumen. Remain current on new developments in advisory services capabilities and industry knowledge Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations Contribute to people-related initiatives, including development, coaching, recruiting, training and retaining staff Maintain an educational program to continually develop personal skills of staff Understand and follow workplace policies and procedures Foster teamwork and lead by example Skills And Attributes For Success (Must Have) Hands-on experience of more than 10 years of with key components of Cyber Security including (but not limited to): Proficiency in cybersecurity principles, zero trust architecture, network design, security protocols, risk management, and security technologies Experience in Defining Data Security Strategy and DSPM Information Security concepts related to Governance, Risk & Compliance MS Purview DLP, Data Classification/CASB Skills And Attributes For Success (Good To Have) Encryption, Tokenization, PKI, CLM Technology support and Event Handling Experience of Administration of the DLP, CLASSIFICATION, CASB, DAM tools which includes configuring policies, upgrading and patching for leading vendors. (MS Purview, McAfee/Symantec/ Forcepoint, Netskope, IBM, Vormetric, Venafi, MS PKI etc.) Regulations/standards such as ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, CCPA Extend required support for any reported data protection and privacy incidents such as information breaches and leakages. Ability to guide teams through the design and implementation of Data security solutions that reduce vulnerability, strengthen controls and optimize organizational efficiency In depth knowledge of general security concepts, such as defense-in-depth, least privilege, security architecture and design, etc. Develops budget, scope and staffing recommendations based on understanding of client budget and project economics Experience of managing a large team to deliver Cyber services on its own or within large complex projects Review of Data Protection & Privacy engagements during different phases of the lifecycle – assess, design, and implementation Develop strategic and tactical Data security remediation recommendations / cyber risk roadmap to address identified security gaps To qualify for the role, you must have BE - B. Tech / MCA / M. Tech / MBA with background in computer science and programming More than 10 Years of relevant experience Strong Excel and PowerPoint skills Excellent analytical skills and knowledge of data analytics methods Demonstrated leadership abilities Excellent interpersonal, written, verbal, communication, and presentation skills Ideally, you’ll also have Project management skills. CISSP, CISA, CISM, CEH, CIPPE/M, Technical (Vendor) Certifications. What We Look For A team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around. Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

The GRC Security Analyst will plan and implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The GRC security analysts will stay up-to-date on the latest cybersecurity intelligence, including hackers' methodologies, in order to modify standards and controls that govern cybersecurity across the corporation. Essential Duties & Responsibilities Performing control assessments against corporate cybersecurity frameworks Perform review of policies and supporting procedures/processes Perform assessments of adherence to standards Customer Security Questionnaire assistance Work closely with management on security practices Assess 3rd party vendors for adherence to standards Develop routine reports in accordance with GRC metrics Stay on top of changes in the industry as it relates to security. Other security-related projects that may be assigned according to skills Ensure compliance with policies and procedures Develop and test Disaster Recover Plans Help align company with HITRUST CSF Experience Education Bachelors Degree, ideally in Computer Engineering, Computer Science, or Information Systems Management or equivalent work experience in the field of Cybersecurity 3+ years of relevant work experience in: compliance/systems engineering/cybersecurity role Experience in a healthcare setting preferred Possess current security certifications (e.g., Security+, CISSP, CEH, SANS) or be willing to obtain within 1 year of assignment. Skills/Knowledge 3 5 years experience in building an Information Security Risk Management program Experience supporting the development of Disaster Recovery Plans (DRPs). Proven ability to coordinate, execute, and document Disaster Recovery Plan tests, including analysis and reporting of results. Understanding and familiarity with information system standards Understanding and familiarity with cybersecurity frameworks (ISO, NIST, HiTrust, COBIT, etc) Assist in maturing the Information Security Risk Management Program by helping to define an IS risk register which includes identifying threats and risks to the organization Meet with business stakeholders to identify top security risks Assist in performing IS self-assessments to ensure systems and applications are complying with corporate policies, applicable regulatory and legal requirements, and leading industry practices Assist in developing and driving the implementation of security best practices and standards to mature the overall IS Risk Management Program which includes defining security system and application standards of control Provide solutions to identified issues and risks Work with the CISO to determine the acceptable level of risk for enterprise computing platforms. Coordinate with key functional teams such as HR, IT, Marketing, Finance, Product Management, Development, General Counsel, and the Business to identify new applications and service providers in use and the associated security controls to secure the data. Assist in performing Third Party Risk Assessments for new and existing vendor tools, on premise implementations, and third parties with access to the environment. Assist in maturing the Third Party Risk Management program by defining security controls based on tiers of vendors. Articulating identified risks to the business for remediation, mitigation and sign off. Investigates incidents and events that include potential HIPAA and other data breaches, data leakage, brand reputational risks, malware propagation, system compromises etc. Mature the Data Loss Prevention Program by defining DLP rulesets in existing tools such as Varonis, CASB, Next Generation Firewalls etc. and review outputs to determine the appropriate action required. Assist with maturing the Data Governance Program which includes defining a Data Classification and Handling Program, identifying Data Owners, and assisting with the design and implementation of a Data Classification and Rights Management tool. Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Data Governance Security Program and initiatives. Assist in the management and maintenance of the enterprise wide IS Security Awareness Program which includes phishing simulations, computer based training, proactive communications on latest threats, workshops and newsletters. Assist in developing enterprise and functional team specific presentations to promote a security mindset Work with the CISO to ensure the Information Security team stays abreast of new regulatory, legal and/or compliance data security requirements. Ensure compliance with HIPAA, HITRUST, and applicable legal and regulatory requirements. Strong documentation and communications skills Work Environment/Physical Demands While at work, this position is primarily a sedentary job and requires that the associate can work in an environment where they will consistently be seated for the majority of the work day This role requires that one can sit and regularly type on a key board the majority of their work day This position requires the ability to observe a computer screen for long periods of time to observe their own and others work, as well as in-coming and out-going communications via the computer and/ or mobile devices. The role necessitates the ability to listen and speak clearly to customers and other associates. The work environment is an open room with other associates and noise from others will be part of the regular work day. Show more Show less

Cortex is urgently hiring for the role : ''Data Engineer'' Experience: 5 to 8 years Location: Bangalore, Noida, and Hyderabad (Hybrid, weekly 2 Days office must) NP: Immediate to 10days only Key skills: Candidates Must have experience in Python, Kafka Stream, Pyspark, and Azure Databricks Role Overview We are looking for a highly skilled with expertise in Kafka, Python, and Azure Databricks (preferred) to drive our healthcare data engineering projects. The ideal candidate will have deep experience in real-time data streaming, cloud-based data platforms, and large-scale data processing. This role requires strong technical leadership, problem-solving abilities, and the ability to collaborate with cross-functional teams. Key Responsibilities Lead the design, development, and implementation of real-time data pipelines using Kafka, Python, and Azure Databricks. Architect scalable data streaming and processing solutions to support healthcare data workflows. Develop, optimize, and maintain ETL/ELT pipelines for structured and unstructured healthcare data. Ensure data integrity, security, and compliance with healthcare regulations (HIPAA, HITRUST, etc.). Collaborate with data engineers, analysts, and business stakeholders to understand requirements and translate them into technical solutions. Troubleshoot and optimize Kafka streaming applications, Python scripts, and Databricks workflows. Mentor junior engineers, conduct code reviews, and ensure best practices in data engineering. Stay updated with the latest cloud technologies, big data frameworks, and industry trends. If you are interested kindly send your resume to us by just clicking '' easy apply''. This job is posted by Aishwarya.K Business HR - Day recruitment Cortex Consultants LLC (US) | Cortex Consulting Pvt Ltd (India) | Tcell (Canada) US | India | Canada

Title: information Security Lead Location: Gurugram/Work from Home Shift: Night Shift Mandatory skills: 8+ yrs in Information Security, including audits& compliance, certification (any- CISSP, CISA, ISO27001, SOC) Position Summary The Information Security Lead is responsible for designing, implementing, and managing a comprehensive information security program to protect organizational systems, infrastructure, and sensitive data from cyber threats and breaches. This role requires a strong blend of technical expertise, strategic planning, and leadership to ensure regulatory compliance (e.g., HIPAA, HITRUST CSF, PCI-DSS), mitigate risks, and maintain a secure operating environment. The role also includes leading external audit and certification processes, managing security operations, and aligning security strategies with business objectives. Minimum Qualifications - Experience: Minimum of 8 years in Information Security, including audit and compliance - Certifications: CISSP, CISA, ISO 27001, SOC 2 Key Responsibilities - Develop and maintain enterprise-wide information security policies and programs - Ensure compliance with industry standards and regulatory frameworks, including HIPAA, HITRUST, PCI-DSS, ISO 27001, GLBA, - Hands-on experience conducting risk management by identifying gaps and providing strategies for mitigation. - Establish appropriate security controls based on defined data classifications to align with applicable laws/regulations/standards (e.g. GLBA, SOX). Interested individuals can apply here or share the profile to hr@lancetechsolutions.com Job Type: Full-time Pay: ₹2,000,000.00 - ₹2,500,000.00 per year Benefits: Work from home Work Location: In person

Line of Service Advisory Industry/Sector Not Applicable Specialism Risk Management Level Senior Associate Job Description & Summary At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. Those in internal audit at PwC help build, optimise and deliver end-to-end internal audit services to clients in all industries. This includes IA function setup and transformation, co-sourcing, outsourcing and managed services, using AI and other risk technology and delivery models. IA capabilities are combined with other industry and technical expertise, in areas like cyber, forensics and compliance, to address the full spectrum of risks. This helps organisations to harness the power of IA to help the organisation protect value and navigate disruption, and obtain confidence to take risks to power growth. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " JOB DESCRIPTION ITGC Reviews, IT Internal Audits, Controls Testing, Compliance Reviews, ISO 27001 Reviews, HIPAA/ HITRUST Reviews Purpose of the Job /Role Perform IT Assessment Reviews which includes IT General Controls, Internal Audits, Controls Testing, Compliance Reviews (such as ISO 27001, HIPAA, HITRUST etc.) Roles And Responsibilities Strong understanding of IT General Controls domains such as Change Management ,User Access Management, IT Operations, Back and Recovery Management etc Strong understanding of the third-party risk management Implementation and assessment knowledge of various industry standards, frameworks, and compliances such as ISO 27001, HIPAA, HITRUST, ISO 22301, ISO 27701 etc Understanding of the IT Risk Assessment methodologies and ability to comprehend and apply the knowledge during IT assessment lifecycle Interview client stakeholders and conducts walkthrough meetings and develop assessment artifacts Should understand complete assessment lifecycle from assessment scoping to project deliverables Great communication skills and the ability to break down and explain complex data security problems Excellent presentation skills and ability to effectively communicate proposals and point of view at senior management levels Education Mandatory Skill Sets ITGC Preferred Skills Sets IT Risk Assessment Years Of Experience Required 4 years Minimum Qualification: BE/ BTech, Postgraduates in any stream would be preferred (not mandatory) Prior Big 4 experience would be an added advantage Experience in IT Risk Advisory/ Assurance for varied industry segments preferred Excellent communication skills - both written and oral Certifications: CIA/CISA/CISM will be added advantage Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Technology, Master of Business Administration Degrees/Field Of Study Preferred Certifications (if blank, certifications not specified) Required Skills ITGC Optional Skills Accepting Feedback, Accepting Feedback, Accounting and Financial Reporting Standards, Active Listening, Analytical Thinking, Artificial Intelligence (AI) Platform, Auditing, Auditing Methodologies, Business Process Improvement, Communication, Compliance Auditing, Corporate Governance, Creativity, Data Analysis and Interpretation, Data Ingestion, Data Modeling, Data Quality, Data Security, Data Transformation, Data Visualization, Embracing Change, Emotional Regulation, Empathy, Financial Accounting, Financial Audit {+ 24 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters. The Position We are seeking a knowledgeable and experienced ISO 13485 Quality Management Expert to lead and support the implementation, and maintenance of our Quality Management System (QMS) in compliance with ISO 13485:2016, MDSAP and relevant regulatory requirements. The ideal candidate will play a key role in ensuring that our medical device products meet the highest standards of quality and safety. Lead the development, implementation, and continuous improvement of the QMS in accordance with ISO 13485 and applicable regulatory requirements (e.g., FDA 21 CFR Part 820, MDR) Prepare for and manage internal and external audits (including notified body, regulatory agency) Conduct risk assessments, gap analyses, and process validations Ensure proper documentation, training, and compliance across all quality-related functions Support the creation and revision of SOPs, work instructions, forms, and other quality documents Collaborate with cross-functional teams (engineering, regulatory affairs, Global Q&R etc.) to ensure product and process quality throughout the lifecycle Monitor quality KPIs and prepare reports for management review Identify and lead corrective and preventive actions (CAPAs), non-conformances (NCs), and root cause analyses (RCAs) Provide ISO 13485 and QMS training to employees at all levels Monitor training compliance for the site 5+ Years experience; recognised internally as an expert in own job discipline Bachelor’s / Master degree in Life Science, Data Science, Engineering or related subject or equivalent experience. Experience working in a Software as a Medical Device (SaMD) environment is preferred In-depth knowledge of ISO 13485, ISO 14971, IEC 62304, IEC 82304, FDA, QSR, EU-MDR and legislation for Software as a Medical Device or IVD. Knowledge of ISO 27001 family of standards, HITRUST, HIPAA and GDPR will be an advantage Experience in preparing for and participating in audits and inspections Strong analytical, problem-solving, and communication skills Certification in ISO 13485 auditing (e.g., Lead Auditor) is preferred Familiarity with electronic QMS systems and tools is a plus Has worked in more than one function within quality management and may have worked outside of Quality Management. Can manage highly complex and/or global projects, or equivalent experience Who we are A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact. Let’s build a healthier future, together. Roche is an Equal Opportunity Employer.

Information Security Technical writer team seeks an experienced Senior Technical Writer to drive, create and update IT related documentation. This may include developing new policies and standard operating procedures (SOPs) to comply with industry standards and frameworks, contractual obligations, or local law, updating and maintaining existing procedures, liaising with appropriate personnel to ensure that compliance workflow management systems are configured in accordance with documented procedures, managing the policy lifecycle end to end. This position will work closely with subject matter experts such as software development teams, Enterprise IT, HR, and Legal team leads and stakeholders. What you'll do: Connect with subject matter experts and proactively manage your own learning to become familiar with our technology offerings, internal controls landscape, and internal compliance processes. Work with compliance and audit team members and other subject matter experts and functional leads to implement timely and effective edits until documentation is ready for publication on time. Suggest improvements to documentation and processes whenever possible, eventually demonstrating ownership of the technical writing function. Adhere to design template and company style guide while organizing and writing documentation. Assist with development and maintenance of applicable training and educational material (e.g., byte sized informational modules to educate end users on appropriate use of documented policies) Develop and propose documentation plans and outlines for new procedures, user/training guides and supporting materials; estimating project length and keeping everyone involved on time. Enhance and maintain existing documentation to deadline. Proactively manage the policy lifecycle (development, periodic review and approval, version control, publishing of approved policies and procedures to the company intranet). Work with appropriate personnel to make sure that ZSs compliance workflow management systems are always in sync (configured) with newly documented or updated policies. Perform additional duties as required from time to time. What you'll bring: BS/BA in English, Journalism, Communications, Technical Writing, Computer Science, or other relevant field of study required. 3.5 - 5 yearstechnical writing experience, preferably documenting IT policies and procedures. Experience with Visio or other process flow visualization tool, Snagit tool required. Superior writing, editing, and communication skills required. Excellent command over the English language (especially grammar and sentence composition skills) required. Strong experience using Microsoft Suite (Word, Excel, PowerPoint, OneNote, Outlook etc.). Experience with authoring tools (e.g., MadCap Flare or any other authoring tool) will be an added advantage. Familiarity/working knowledge of various compliance frameworks (e.g., ISO 27001, ISO 22301, ISO 27702, HITRUST, PCI DSS, SOC Audits) preferred. Experience learning about and communicating complex topics. Outstanding organizational/time management, planning and prioritization skills.

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. As a Senior Cloud/DevOps Engineer at Optum, you will be a pivotal force in accelerating our journey towards a more agile, secure, and highly automated cloud-native future. You will leverage your extensive expertise in cloud platforms and DevOps methodologies to design, implement, and maintain robust, scalable, and secure infrastructure and applications. A key focus of this role will be the strategic integration and application of Artificial Intelligence (AI) to enhance automation, streamline operations, and proactively identify and mitigate security threats. You will work within a dynamic and collaborative environment, partnering with development teams, architects, and security professionals to drive best practices, optimize performance, and ensure the reliability of our critical healthcare systems. This role demands a solid understanding of the end-to-end software development lifecycle and a passion for continuous improvement and innovation. Primary Responsibilities: Cloud Infrastructure & Platform Management: Design, implement, and manage highly available, scalable, and fault-tolerant cloud infrastructure within AWS, Azure or Oracle Cloud environments Provision, configure, and operate cloud services such as compute, storage, networking and databases (RDS, Cosmos DB, Cloud SQL) Develop and maintain Infrastructure as Code (IaC) using tools like Terraform, CloudFormation, or ARM templates to ensure consistent and repeatable deployments DevOps and CI/CD Automation: Design, implement, and maintain robust CI/CD pipelines using tools like Jenkins, GitHub Actions or Azure DevOps to automate software delivery from code commit to production deployment Implement advanced deployment strategies (e.g., blue/green, canary, rolling updates) to minimize downtime and mitigate risk Champion and implement DevOps best practices, including continuous integration, continuous delivery, automated testing, and release management Security & Compliance: Implement and enforce robust cloud security best practices, including identity and access management (IAM), network security, data encryption, and security group configurations Conduct regular security audits and vulnerability assessments, working closely with security teams to remediate findings Develop and implement automated security checks and guardrails within the CI/CD pipeline to ensure security by design Ensure compliance with relevant industry regulations (e.g., HIPAA, HITRUST, PCI) and internal security policies Troubleshooting & Support: Provide expert-level support for complex infrastructure and application issues, troubleshooting and resolving production incidents in a timely manner Participate in on-call rotations as needed to ensure 24/7 system availability Conduct root cause analysis for incidents and implement preventative measures Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications: 8+ years of experience in Information Technology roles 5+ years of hands-on experience in cloud platforms (AWS, Azure, or Oracle Cloud) with a solid understanding of core services and architectural patterns 3+ years experience in designing, implementing, and managing highly available, scalable, and secure cloud infrastructure 3+ years experience with Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation) 3+ years experience in scripting languages (e.g., Python, Bash, PowerShell) for automation 5+ years experience with CI/CD pipeline implementation and management using tools like Jenkins, GitLab CI/CD, or Azure DevOps Preferred Qualifications: Relevant cloud certifications Solid understanding of containerization technologies (Docker) and orchestration platforms (Kubernetes) Experience with monitoring, logging, and alerting tools (e.g., Prometheus, Grafana, Datadog, Splunk) Expertise in cloud security best practices, including IAM, network security, data protection, and compliance frameworks (e.g., HIPAA, SOC 2, PCI) At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone - of every race, gender, sexuality, age, location and income - deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. #NJP #Gen

About The Role As a Senior Consultant, your responsibilities will include standard project execution and client service activities, focused on IT compliance assessments (e.g., SOC 2 and ISO engagements). You will have the opportunity to gain project experience with clients ranging from start-ups to enterprises, across a variety of industries. As an added benefit, A-LIGN does not require Delivery Consultants to report time or sell work! Reports to: Delivery Manager and Senior Manager Pay Classification: Full-Time Responsibilities Plan and execute various IT compliance assessments (e.g., SOC 2, ISO 27001, and other similar engagements), under the direction of a member of the management team Perform IT compliance testing for various IT compliance assessments, under the direction of a member of the management team Create agendas for IT compliance assessments Perform IT compliance testing under the direction of the management team Communicate effectively to the management team, prior to, during, and post fieldwork (i.e., testing phase) Review manager’s planning meeting minutes, and prepare as appropriate for meetings Prepare testing lead sheets throughout the project Review evidence uploaded by the client for appropriateness Provide feedback regarding appropriateness of evidence uploaded by the client Provide detailed project status reports weekly to management Organize client information on A-LIGN’s Shared Drive Proactively communicate any potential issues to the management team Experience Minimum Qualifications At least 3 years of experience in IT audit, preferably with the Big 4 or a mid-tier audit/consulting firm Knowledge of various IT compliance standards including SOC 2, ISO 27001, PCI Experience using Microsoft Office suite including Word, Outlook, PowerPoint, and Excel Skills Ability to meet deadlines with a high degree of motivation Thrives in a fast-paced environment Ability to effectively multitask Ability to work individually as well as collaboratively Demonstrate capabilities with moderate supervision Ability to determine appropriateness of evidence provided by the client Strong interpersonal skills with a service-oriented mindset who can work well within a team as well as independently Must be detail oriented and organized in completing tasks Must be proactive, anticipate roadblocks, and offer solutions Ability to utilize the Microsoft Office suite including Word, Outlook, PowerPoint, and Excel Must have a sense of urgency around completing tasks and the order and priority of tasks based on business needs Strong composition, grammar, and business language skills Strong communication and interpersonal skills with the ability to effectively communicate with the management team and colleagues. Ability to work independently, set priorities and handle multiple tasks with a high level of efficiency About A-LIGN A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com Come Work for A-LIGN! Apply online today at A-LIGN.com and learn about life at A-LIGN by following us on LinkedIn A-LIGN is an Equal Opportunity Employer! Minorities, women, disabled, and veterans encouraged to apply

Job Description #KGS Roles & responsibilities Conduct external audits in accordance with the PCAOB (Public Company Accounting Oversight Board) Auditing Standards Lead team in conducting Process understanding discussions with the Clients as part of assessing risks arising from their use of Technology and identify control gaps within their processes Lead team in evaluating and documenting the design and operating effectiveness of technology controls (GITCs and ITACs) pertaining to Client’s Internal Controls over Financial Reporting Lead team in performing SOC 1 and SOC 2, SOC 2+ (HITRUST), SSAE18 assessments in accordance with the attestation standards established by the AICPA (American Institute of Certified Public Accountants) Demonstrate strong project management skills for all engagements being led Demonstrate the ability to identify opportunities and innovative ways to efficiently deliver on engagements and/or implement internal process improvements / automations Contribute to the Automation agenda of the practice by assisting in developing/testing for different bots and tools Conducting IT audits to assess the effectiveness of internal controls, risk management, and compliance with regulations Collaborating with cross-functional teams to ensure IT controls are integrated into business processes Documenting audit findings, preparing reports and recommendations for the management Provide opportunity to junior team members and coach them on day-to-day tasks Contribute to the Knowledge Management agenda of the practice by assisting in technical knowledge development and trainings Possess knowledge of tools and techniques to drive audits for different industries or sectors Review work of junior team members for quality as per relevant auditing standards Evaluating IT systems, processes, and policies to identify vulnerabilities, weaknesses, and areas for improvement Developing and executing audit plans, including scoping, testing, and reporting Assessing IT risks and recommending controls to mitigate those risks Mandatory technical & functional skills Experience in evaluating and testing Process level manual, automated controls and General IT Controls. Experience in evaluating risks across a variety of IT platforms (including ERPs, UNIX/Linux, Windows, Mainframe, iSeries (AS400), SQL, Sybase, Oracle, DB2 and popular Cloud Hosted solutions) Experience of industry standards and frameworks such as COBIT, COSO, HIPAA etc. preferred. Strong Understanding of different Industry sectors preferred. Preferred Technical & Functional Skills Flair to be abreast with emerging Technology / innovations like Cloud computing, Agile, Blockchain, AI etc. Proficient with MS Office suite of applications [MS Word, MS Exec, MS PowerPoint, Power BI]. Certifications like CISA, CISSP, HITRUST,ISO etc. Key behavioral attributes/requirements Critical thinking and analytical ability. Excellent written and verbal communication skills. Flexibility to adapt to a variety of situations and multitask. Ability to work both independently and as part of a team. Personal drive and positive work ethic. Innovative mindset. Collaborate and build rapport with onshore and offshore teams Uphold the firm’s code of ethics and business conduct Responsibilities Roles & responsibilities Conduct external audits in accordance with the PCAOB (Public Company Accounting Oversight Board) Auditing Standards Lead team in conducting Process understanding discussions with the Clients as part of assessing risks arising from their use of Technology and identify control gaps within their processes Lead team in evaluating and documenting the design and operating effectiveness of technology controls (GITCs and ITACs) pertaining to Client’s Internal Controls over Financial Reporting Lead team in performing SOC 1 and SOC 2, SOC 2+ (HITRUST), SSAE18 assessments in accordance with the attestation standards established by the AICPA (American Institute of Certified Public Accountants) Demonstrate strong project management skills for all engagements being led Demonstrate the ability to identify opportunities and innovative ways to efficiently deliver on engagements and/or implement internal process improvements / automations Contribute to the Automation agenda of the practice by assisting in developing/testing for different bots and tools Conducting IT audits to assess the effectiveness of internal controls, risk management, and compliance with regulations Collaborating with cross-functional teams to ensure IT controls are integrated into business processes Documenting audit findings, preparing reports and recommendations for the management Provide opportunity to junior team members and coach them on day-to-day tasks Contribute to the Knowledge Management agenda of the practice by assisting in technical knowledge development and trainings Possess knowledge of tools and techniques to drive audits for different industries or sectors Review work of junior team members for quality as per relevant auditing standards Evaluating IT systems, processes, and policies to identify vulnerabilities, weaknesses, and areas for improvement Developing and executing audit plans, including scoping, testing, and reporting Assessing IT risks and recommending controls to mitigate those risks Mandatory technical & functional skills Experience in evaluating and testing Process level manual, automated controls and General IT Controls. Experience in evaluating risks across a variety of IT platforms (including ERPs, UNIX/Linux, Windows, Mainframe, iSeries (AS400), SQL, Sybase, Oracle, DB2 and popular Cloud Hosted solutions) Experience of industry standards and frameworks such as COBIT, COSO, HIPAA etc. preferred. Strong Understanding of different Industry sectors preferred. Qualifications This role is for you if you have the below Education Qualification: BE/B.Tech, B.Com, BCA, B.Sc, MBA, M.Sc, MCA, M.Tech, CA. Work Experience: The candidate must have 3-6 years of relevant experience in a similar role, preferably with a Big 4 firm.

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. Primary Responsibilities Perform audits to identify control gaps and implement corrective action plans Ensure alignment of security policies/standards with IT infrastructure frameworks (e.g., ISO 2700x, NIST, ITIL) Monitor compliance with corrective action plans, and address non-compliance issues appropriately Demonstrate understanding of discovery technologies to identify system vulnerabilities (e.g. scanning tools) Establish appropriate security controls based on defined data classifications to align with applicable laws/regulations/standards Facilitate/lead security incident investigation Analyze business requirements and ensure that solutions meet established security policies and controls Maintain metrics and ensure reporting as appropriate Maintain current knowledge on information security topics and their applicability program requirements Communicate professionally with stakeholders/end users through multiple communication Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications Bachelor's degree or higher level of education 6+ years of Information security experience Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2 Demonstrated auditing skills and the ability to manage risk assessments / projects independently Demonstrated excellent communication skills both verbal and written Demonstrated good presentation skills particularly ability to present technology elements in manner personnel can follow and act Preferred Qualification CISSP, CISA or ISO27001 Lead Implementer or Lead Auditor certification At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. #njp