436 It Audit Jobs - Page 12

Role detail 4 to 8 years of experience in assurance, information security, vendor/ supplier/ third party risk assessment Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulations Experience in assessing emerging technologies such as robotics, IOT, DLT, Social, Mobile etc., Exposure to TPRM specific regulations (FED, MAS, OCC, etc.), Exposure in assessing different third parties e.g. Brokers, Exchanges, etc., Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa etc, Strong Auditing skills is desired, experience in IT Compliance, ITGC testing, and Assurance is a plus Strong problem solving and logical approach skills Excellent written and verbal communication skills Consistent display of technical proficiency Ability to work well in teams Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example CISA/ CISSP/ CISM/ISO27001 LA / LI / Cloud security certificates Prior exp in IT Audit, SOC 1, SOC 2 Qualifications: Bachelors degree in computer science or related field Excellent communication and team collaboration skills

Information Security Manager shall be primarily responsible to : - Run and manage the BAU security infosec operations - Create and maintain ISMS Policy and Process documents - Ensure Infosec compliance with RBI and other regulatory agencies - Participate in IT Infosec Audits and ensure closure of observations within given timeliness - Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations - Identifying and evaluating new IT security technologies and services and implementing it - Ensure cyber security related polices and technologies are in place - Conducting regular Inforsec Awareness within users in the organization The person needs to work closely with the CISO and other stakeholders Risk, IT and Audit teams. The position will based at CreditAccess Grameen HQ in Bangalore, and may require short term travel on need basis to other CAGL offices. Key Accountability: Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level Identify potential security weaknesses through vulnerability assessments and track them to closure within the timeliness Tracking and reporting key risk indicators defined for IT processes Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements Create Review ISMS policy and process Implement Strategic IT Infosec projects to strengthen the overall IT Security posture at CAGL Mandatory Key Skills BAU,ISMS Policy,IT Infosec Audits,VAPT,cyber security,CISO,Risk,IT Audit,key risk indicators,Information Security*

Volvo India is looking for Senior IT Security Officer to join our dynamic team and embark on a rewarding career journey. Ensure the security, safety and well-being of all personnel, visitors and the premises Provide excellent customer service Adhere to all company service and operating standards Remain in compliance with local, state and federal regulations Immediately respond to emergencies to provide necessary assistance to employees and customers Protect the companys assets relative to theft, assault, fire and other safety issues Follow procedures for various initiatives, including fire prevention, property patrol, traffic control and accident investigations

Job Title Security Analyst Role and Responsibilities The security Analyst is a member of the CISO Regulatory & Compliance Team and will assist in ensuring the associated business units / accounts comply with applicable Conduent and NIS 2 security standards, regulations, and policies.The Security analyst will be professional, independent, impartial, and fair in all interactions. The security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned Business units\u2019 information, applications, and infrastructure. Resource will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organization risk, control gaps and vulnerabilities. This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as pertained to assigned business units. Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to IPS/IDS alerts; change detection (FIM) alerts application firewall alerts; malware alerts rogue wireless network alerts security system health alerts; exploit attempt alerts Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to audits of system security to ensure compliance with Corporate security framework NIS 2, NIST 800-53, ISO 27001/2, PCI-DSS emerging country, state, and Federal privacy laws Primary POC in a vulnerability management program of the account that includes external and internal vulnerability scans of applications and systems external and internal penetration tests of applications and systems documentation and remediation of identified vulnerabilities and exploits routinely monitoring various communication avenues for security vulnerabilities and security patches taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement Acts as the initial point of contact to facilitate the handling of security audits and client requests Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned Business units Qualifications and Education Requirements CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification is a plus. Minimum of Five (3 to 5) Years of experience in IT Security compliance, or Security Auditing is required. Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc. Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls. Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter. Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences. Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks). Experience in PowerPoint, Word, Excel; experience with Visio and MS Project. Communication skills (interpersonal, verbal, presentation written, email). Experience to write report segments and to participate in presentations. Familiarity with security, workflow, and collaboration tools such Nessus Tenable, Splunk, SharePoint and ServiceNow (Snow) is a plus Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally Preferred Skills Creating and Maintaining NIST 800-53-rev5 based SSP and POAM Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks). Conduent is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, gender expression, sex/gender, marital status, sexual orientation, physical or mental disability, medical condition, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. People with disabilities who need a reasonable accommodation to apply for or compete for employment with Conduent may request such accommodation(s) by submitting their request through this form that must be downloaded:click here to access or download the form. Complete the form and then email it as an attachment toFTADAAA@conduent.com.You may alsoclick here to access Conduent's ADAAA Accommodation Policy. At Conduent we value the health and safety of our associates, their families and our community. For US applicants while we DO NOT require vaccination for most of our jobs, we DO require that you provide us with your vaccination status, where legally permissible. Providing this information is a requirement of your employment at Conduent.

Project Role : Tech Delivery&Op Excellence Practitioner Project Role Description : Understand how to deliver value to clients, and use that commercial competency to apply methods or certifications appropriately. Attention to detail and deep expertise allow them to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met. Must have skills : Governance Risk Compliance (GRC) Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Delivery Lead, you will manage the delivery of large, complex projects using appropriate frameworks, collaborate with sponsors to manage scope and risk, drive profitability and continued success, measure and communicate progress to leadership, and support sales through innovative solutions and delivery excellence. Key Responsibilities:Delivery Assurance specialists work with the service delivery organization and other compliance related functions to help1:Perform and supervise audits/reviews to assess risks in IO service environment2:Manage risk in service delivery to an acceptable level2:Increase the level of awareness of and compliance with policy/process related matters3:Support successful completion of various external compliance certification programs/internal compliance assessments4:Introduce continual improvement including lessons learned from matters requiring intervention.5:This successful candidate for this role will be a member of a dedicated team operating a Controls and Compliance function, which will perform audit style reviews of IO Services outsourcing engagements covering compliance matters and operational service management and service delivery good practice. Technical Experience:1:Minimum four to five years experience in Auditing principles and practices2:Minimum four to five years experience in Infrastructure Services3:Contract Management / Service Reporting4:Risk management or assessment5:Stakeholder management6:Good to have Certifications-CISA/ISO-27001 Lead Auditor/ITIL certification/PPSM and awareness of ISO 20000/CRISC/CISSP/CISM/CIPM/CIPT/CIPP/SOC1/SOC2 awareness, BCM ISO 223001 Professional Attributes:1:Good communication2:Teamwork3:Problem Solving Capabilities4:Work Planning and Management 5:Quick Learner6:Eager to take on responsible task7:Dedicated and Focused Educational Qualification:1:MBA-Information Security/ IT2:BE/B-Tech with CS/IT/related domain3:BSc- IT Additional Information:(i.e., travel, overtime %):1:Occasional within country travel 2:Flexibility in working hours Qualification 15 years full time education

Project Role : Tech Delivery & Op Excellence Lead Project Role Description : Use operational excellence methods, processes and tools to ensure successful delivery of technology projects. Drive continuous improvement and partner with project and sales teams as the technology delivery subject matter expert. Must have skills : Governance Risk Compliance (GRC) Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Delivery Lead, you will manage the delivery of large, complex projects using appropriate frameworks, collaborate with sponsors to manage scope and risk, drive profitability and continued success, measure and communicate progress to leadership, and support sales through innovative solutions and delivery excellence.Key Responsibilities:Delivery Assurance specialists work with the service delivery organization and other compliance related functions to help1:Perform and supervise audits/reviews to assess risks in IO service environment2:Manage risk in service delivery to an acceptable level2:Increase the level of awareness of and compliance with policy/process related matters3:Support successful completion of various external compliance certification programs/internal compliance assessments4:Introduce continual improvement including lessons learned from matters requiring intervention.5:This successful candidate for this role will be a member of a dedicated team operating a Controls and Compliance function, which will perform audit style reviews of IO Services outsourcing engagements covering compliance matters and operational service management and service delivery good practice. Technical Experience:1:Minimum six to seven years experience in Auditing principles and practices2:Minimum six to seven years experience in Infrastructure Services3:Contract Management / Service Reporting4:Risk management or assessment5:Stakeholder management6:Good to have Certifications-CISA/ISO-27001 Lead Auditor/ITIL certification/PPSM and awareness of ISO 20000/CRISC/CISSP/CISM/CIPM/CIPT/CIPP/SOC1/SOC2 awareness, BCM ISO 223001 Professional Attributes:1:Good communication2:Teamwork3:Problem Solving Capabilities4:Work Planning and Management 5:Quick Learner6:Eager to take on responsible task7:Dedicated and Focused Educational Qualification:1:MBA-Information Security/ IT2:BE/B-Tech with CS/IT/related domain3:BSc- IT Additional Information:(i.e., travel, overtime %):1:Occasional within country travel 2:Flexibility in working hours Qualification 15 years full time education

Job Description: IT Audit and GRC Executive Location: Gurgaon (90% On-Site, 10% Remote) Salary: INR 5-6 Lacs a year ISO 27001 GRC Activities (implementation and maintenance) ISMS/ IS cybersecurity risks Troubleshooting and Monitoring

EYGDS is actively seeking seasoned ITGC SAP professionals to join our team. Experience required - 3 to7 years Locations - Gurgaon, Bangalore, Pune, Chennai, Noida, Pune, Kochi, Trivandrum & Kolkata Required Skills: Experience in reviewing and controls testing of SAP S4 Hana / SAP ECC including IT general controls (ITGC) and IT Application Controls (ITAC) pre & post implementation reviews migration testing. Security & configurations such as debugging, client settings, etc. Understanding of the TCode, tables used to extract the data from SAP S4 Hana / SAP ECC with relation to ITGC and ITAC testing. Understanding of SAP S4 Hana / SAP ECC user access security architecture (Roles, profiles, Authorization objects). Good to have certifications on SAP S4Hana/ SAP ECC security or business modules, CISA, CISSP

Looking for a candidate with 5–8 years of experience in IT Audit, Risk Management, and Compliance within Banking/NBFCs. Must have expertise in COBIT, NIST, RBI guidelines, ISO standards, IT systems and risk assessments. CISA certification is must.

The primary function of the role will be to develop and manage the audit strategy and plan for proactively and qualitatively conducting the corporate functions audits across the corporate, risk management and control. Somebody who has experience doing IT Audit in Digital Lending space then this opportunity awaits you. Develop audit strategies for identification and assessment of various risks Information Technology (IT) Infrastructure, Information Security and IT Applications Audits and in corporate, risk management and control functions including Compliance risk, Legal risk, Fraud risk, Operational risk, Third party risk/Outsourcing risk, Liquidity risk, Financial risk, People risk, Reputational risk etc. Develop audit plans based on risk assessment and regulatory framework; ensure use of advanced integrated auditing concepts and extensive use of technology and data analysis for achievement of the audit objectives Develop specialized audit team for timely and quality execution of complex and specialized audit reviews covering all the key areas of corporate functions including risk management functions and control functions. Conduct risk-based, thematic and specialized audit reviews to assess the adequacy and effectiveness of the risk management and controls Conduct review of application controls (automated business process controls) in the applications used by corporate, risk management and control functions and management information systems to assess adequacy and effectiveness of the controls Provide effective recommendations for improvements to the organization policies, processes and practices based on leading industry practices and emerging risks Develop processes for adequate and effective audit coverage of various risks including Information Technology (IT) Infrastructure, Information Security and IT Applications, Compliance risk, Legal risk, Fraud risk, Operational risk, Third party risk/Outsourcing risk, Liquidity risk, Financial risk, People risk, Reputational risk etc. and various applicable laws and regulatory circulars / guidelines across various regulators. Keep audit procedures and checklists current and updated keeping pace and aligned with changes in internal policies/guidelines as well as legal/regulatory changes and evolving industry best practices. Ensure timely completion of audit plan and projects along with quality of audits, and meet with all audit documentation and reporting requirements as per audit policy and procedures and leading best practices. Active engagement with stakeholders for implementation of recommendations for effective risk mitigations and improvement in the control environment. Develop strategies for identification of triggers / risk hotspots and conduct unplanned reviews / investigations based on various triggers/ hot spots, directives received from regulators, board committees and senior management. Keep abreast of the emerging audit trends and drive key audit initiatives for efficient and effective achievement of the audit objectives. Implement an effective continuous monitoring framework for ongoing monitoring of risk relating to various business products, processes and units; Identify and develop automated test for ongoing monitoring of Information System & Security risk across the organization. Develop specialized audit team for execution of complex and specialized audit reviews covering IT Infrastructure, IT Applications, Information System & Security areas and risk management and controls across various risks including Compliance risk, Legal risk, Fraud risk, Operational risk, Third party risk/Outsourcing risk, Liquidity risk, Financial risk, People risk, Reputational risk etc. Develop, nurture and grow talent through effective employee engagement and management. Continuous development of self and the team through regular learning and sharing of knowledge / best practices.

Life Unlimited. At Smith+Nephew, we design and manufacture technology that takes the limits off living. Were on the lookout for hard-working individual who is ready to make an impact in medical equipment industry. If youre eager to be part of a dynamic environment that fosters growth and collaboration, look no further. Explore our latest job opening for IT SOX Specialist role and embark on a journey where your talents are valued and your potential is limitless. Lets craft the future together! What will you be doing? Your will contribute and focus primarily on being responsible for the IT SOX program at Smith+Nephew. Strong collaboration and undertake training on Smith+Nephew IT SOX Policy Procedures and Processes. Supported by the senior team members. Perform reviews of IT control design. Perform testing of IT controls. Support Control Owners through external audit meetings and audit activities Support in the remediation of audit deficiencies. This role will be expanded to include additional responsibilities and opportunities to grow your experience. Required to review vendor SOC reports (training provide if this is new) What will you need to be successful? Education: Bachelors or equivalent experience or Master s degree in IT. Any qualifications in IT audit would be useful for example Certified Information Systems Auditor (CISA). Experience: Minimum 3+ years of experience - Sarbanes Oxley IT General Controls work: reviewing and testing control, supporting external audits. The position requires the ability to :- Work in an office or from home (as required) with a high degree of PC work and meeting attendance. Assist SOX Program training, Performing Control Design Reviews and Performing Management Testing. Supporting Control Owners and Supporting other SOX Team members. Superb communication, collaboration, and relationship building and collaborator engagement skills. You Unlimited. We believe in crafting the greatest good for society. Our strongest investments are in our people and the patients we serve. Inclusion, Diversity and Equity- Committed to Welcoming, Celebrating and Thriving on Diversity, Learn more about Employee Inclusion Groups on our website ( https://www.smith-nephew.com/ ). Other reasons why you will love it here! Your Future: Major Medical coverage + Policy exclusions and insurance non-medical limit. Educational Assistance. Work/Life Balance: Flexible Personal/Vacation Time Off, Privilege Leave, Floater Leave. Your Wellbeing: Parents / Parents in Law s Insurance (Employee Contribution of 8,000/- annually), Employee Assistance Program, Parental Leave. Flexibility : Hybrid Work Model (For most professional roles) Training: Hands-On, Team-Customized, Mentorship Extra Perks: Free Cab Transport facility for all employees, One Time Meal provided to all employees as per shift. Night Shift Allowances.

About Lowe s Lowe s Companies, Inc. (NYSE: LOW) is a FORTUNE 50 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2024 sales of more than $83 billion, Lowe s operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe s supports the communities it serves through programs focused on creating safe, affordable housing, improving community spaces, helping to develop the next generation of skilled trade experts and providing disaster relief to communities in need. For more information, visit Lowes.com. About the Team Internal Audit is an independent assurance/advisory function reporting functionally to the audit committee of the Board and administratively to the Finance function(CFO). IA is responsible for planning, executing, and reporting operational, compliance, financial, and technology audits. Job Summary: The IT Senior Auditor will work closely with the IT Lead Auditor and the IT Audit Manager to assist in audits that evaluate the effectiveness of internal controls established to manage the Company s most significant risks including IT General Controls (ITGCs) established for compliance with Sarbanes Oxley regulation. The IT Senior Auditor will assist in the planning and execution of audit/SOX engagements by conducting interviews and walkthroughs with process owners; assist in the development and execution of audit test steps associated with related controls; and prepare and review workpapers to document the audit work performed to support conclusions reached. The IT Senior Auditor will also interpret test results and will developing oral/written communication of audit/SOX results to the client. While the IT Senior Auditor will support highly complex projects and/or SOX ITGC audits, this role will also have the opportunity to lead other projects as well. Additionally, the IT Senior Auditor will actively participate in departmental non-project activities. II. Roles & Responsibilities: Project Evaluation and Data Integrity : Develop project plans and work programs to document and test internal controls/ITGCs from an Information Technology (IT) perspective Performs preliminary survey work and document processes to identify significant risks and their related controls within a specific IT process, application, etc. Execute test steps designed to evaluate the effectiveness of relevant internal cross-functional internal controls (i.e., store operations, financial, IT, etc.) Identify and document IT control design and effectiveness weaknesses based on analysis performed Summarize and clearly document audit findings within the audit report with the level of quality necessary for an executive audience Project Management : Coordinate with the internal teams and management to ensure project milestone timelines are met Applies technical knowledge of IT (in conjunction with Operations, Finance, etc.) to ensure efficiency throughout the audit engagement. Utilize internal resources to assist when audit topics require intermediate to advanced knowledge Continuously develop knowledge of audit tools and techniques to ensure quality audit work Efficiently manage time to complete assigned audit plan within the established deadlines following Lowe s Audit Methodology Project management responsibilities for smaller projects through day-to-day project management, by discussing expectations with the team, maintaining consistent communication throughout the audit engagement, and through reviewing Staff Auditor summarization of audit findings and results Project Communication : Ensure significant findings, root causes, risk exposures, and management action plans are concise and documented in a timely manner Clearly communicate technical audit exceptions and other items of concern in a timely manner to audit team and IT clients Develop client relationships professionally through consistent dialogue and open communications throughout the audit process Business Influence : Meet or exceed customers expectations while creating a seamless experience for the client by understanding how the IT Senior Auditor role, team goals, and daily activities fit into the company vision Drive for results by consistently meeting or exceeding deadlines for defined Audit Team or Departmental goals Colloboration with Others : Efficiently manage and organize work processes to ensure the most effective work flow. Support a collaborative environment by working in a team of peers to solve problems and share information with peers, manager, and customers as appropriate Self Development: Organize resources and information in an efficient manner to handle competing demands and accomplish what needs to be done III. Years of Experience: 4 to 7 years post qualification experience IV. Education Qualification & Certifications (optional) Required Minimum Qualifications : Bachelor s degree in Engineering/Information Technology or Accounting / Finance- Experience in internal/external audit, Accounting and SOX Skill Set Required Primary Skills (must have) Information technology experience Auditing experience Project management Team supervision Report writing and written communication Secondary Skills (desired) Accounting/Finance experience Information Security/operational experience Negotiation skills

FISERV Location: Thane What does a successful Internal Audit- IT professional do at FISERV? • Efficiently conduct the audit projects as per The Institute of Internal Auditors standards and in accordance with Fiserv global Internal Audit framework and methodologies. What will you do: • Should be able to direct/execute audit project independently (covering planning, fieldwork and reporting stages of audits) • Lead a variety of moderately complex to complex IT focused audits including IT governance, service and project delivery, audits of IT technical domains such as networks, infrastructure, and applications. • Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas • Planning, conducting walkthroughs, drafting process understanding and relevant controls. • Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls • Documenting and Reviewing Test of Designs and Test of Effectiveness controls. • Perform analytical procedures/analysis to test the effectiveness of controls. • Document audit procedures and cross reference working papers. • Create management representation letter comments and recommendations and draft audit reports for management review. • Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., • Validations of audit issues. • Conducting special reviews. What will you need to know: • Desired qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree] • Experience: at least 6 to 8 years of IT Audit experience in assessing technology/IT controls and have experience in Internal Audit, Compliance & Risk Advisory services preferably in Banking and Financial services domain. • Experience in auditing IT Internal controls, IT risk mitigation and technology related processes reviews. • Good experience in IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. • Good client interfacing skills, drafting skills, communication, and interpersonal skills. • Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.) What would be great to have: • Desired certifications: CISA / CISSP / CISM / CCNA certified professionals

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together. As an IT Security Risk Manager, you would support information security policies, standards, and procedures to secure and protect data. Work directly with user departments to implement procedures and systems for the protection, conservation, and accountability of proprietary, personal, or privileged electronic data. Primary Responsibilities Perform audits to identify control gaps and implement corrective action plans Ensure alignment of security policies/standards with IT infrastructure frameworks (e.g., ISO 2700x, NIST, ITIL) Monitor compliance with corrective action plans, and address non-compliance issues appropriately Demonstrate understanding of discovery technologies to identify system vulnerabilities (e.g. scanning tools) Establish appropriate security controls based on defined data classifications to align with applicable laws/regulations/standards Facilitate/lead security incident investigation Analyse business requirements and ensure that solutions meet established security policies and controls Maintain metrics and report them. Maintain current knowledge on information security topics and their applicability program requirements Communicate professionally with stakeholders/end users through multiple communication Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications Bachelor's degree or higher level of education 4+ years of Information security experience Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2 Proven auditing skills and the ability to manage risk assessments / projects independently Proven excellent communication skills both verbal and written Proven good presentation skills particularly ability to present technology elements in manner personnel can follow and act Preferred Qualification CISSP, CISA or ISO27001 Lead Implementer or Lead Auditor certification At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission.

Job Description : Approve, within the given mandate, all tier 2-4 Vendor assessments. Advice Global TPCRM and Global DPO on tier 1 Vendor assessments. Collect and evaluate latest Vendor Assurance documents (ISO 27001 certificates and SOC2 statements, tier 1-2) and store them. Escalate high risks to Global TPCRM and Global DPO Launch relevant Vendor assessments (internal and external) Support business departments (Global and OPCOs) and Vendors filling in Vendor assessments Reports: Monthly reporting on Key Performance Indicators (KPI) Reports on Vendor risks, threats or findings Exp : 3+ years Expertise with Vendor Risk Management, GRC, and ISO 27001. Shift timing : 1.00 PM-10 PM IST Hybrid mode of work Location : Hyderabad Notice Period : Immediate- 30 days only.

We are looking for a highly skilled and experienced Risk Consulting Senior Associate 1 to join our team in Bengaluru. The ideal candidate will have 3-5 years of experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Roles and Responsibility Develop an understanding of RSM Technology Risk Consulting approach, methodology, and tools. Perform technology risk assessments and review control's design and operating effectiveness. Conduct IT internal audit consulting activities, including audits over ERP systems, IT security, and other IT systems. Execute components of IT audits under offshore delivery models effectively and efficiently. Identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to advise clients. Ensure documentation complies with quality standards and collaborate effectively with RSM consulting professionals, supervisors, and senior management. Manage multiple concurrent engagements and provide timely, high-quality client service that meets or exceeds expectations. Utilize problem-solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to best advise our clients. Exercise professional skepticism, judgment, and adhere to the code of ethics while on engagements. Ensure service excellence through prompt responses to internal and external clients. Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing an integrated service delivery. Ensure professional development through ongoing education. Job Requirements B.Tech/MCA/MBA with 3-5 years of relevant experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Intermediate knowledge of financials, operations, and technology and its related risks. Good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security, and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word, and PowerPoint. MS Visio skills to develop process and data flow diagrams. Strong multi-tasking and project management skills. Excellent verbal and written communication (English) as this is a client-facing role and requires frequent communications with RSM International clients.

Visa is looking for a candidate to join its Cybersecurity 3rd Party Technology Risk Management (3PTRM) team as an Associate Cybersecurity Analyst, which works with several stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet Visa security requirements and mitigate any risks that are associated with engagement of third parties. The Analyst will work closely with Supplier Relationship Owners (SROs) and other Cybersecurity teams such as penetration testers, security architects, etc to assess and monitor third parties that do business with Visa. The role requires the candidate to have strong analytical, communication, and organizational skills, as we'll as a solid understanding of cybersecurity concepts and best practices. Essential Functions: Perform risk/security assessments of Suppliers and Third-Party relationships to identify, validate and remediate risks Cybersecurity Risks. This may include performing interviews, document design assessments and walkthroughs of cybersecurity controls. Support ongoing monitoring of Suppliers and Third Party to review compliance against compliance and regulatory requirements. Participate and conduct onsite assessments of Third Parties against Visa s security framework and industry security standards. Support risk/security assessments for special projects involving Third Parties. Support PCI-related activities relevant to third parties to ensure compliance with PCI requirements. Exhibit pragmatism in formulating process remediation and implementation strategies, defining work tracks, and submitting assessment findings and recommendations. Proactively follow-up with Suppliers to ensure prompt remedial actions for assessment findings. Basic Qualifications: Bachelors degree, OR 3+ years of relevant work experience Preferred Qualifications: 2 or more years of work experience. Bachelor s degree in Computer Science, Information Systems, Engineering, or related field, or equivalent work experience. Minimum of 1 years of experience in cybersecurity, IT audit, or IT risk management. Experience in cybersecurity, IT audit, risk management, compliance, or related fields. Knowledge of cybersecurity frameworks and standards such as NIST, ISO, PCI, etc. Strong written and verbal communication skills, and ability to communicate effectively with technical and non-technical audiences. Ability to work independently and collaboratively in a fast-paced environment. Certifications such as CISSP, CISA, CISM, CRISC, or equivalent are preferred.

We are looking for a highly motivated and detail-oriented individual with 0 to 3 years of experience to join our team as a Risk Consulting Associate in the IT SOX domain. The ideal candidate will have excellent analytical skills, strong knowledge of financial services, and a passion for delivering high-quality results. Roles and Responsibility Develop an understanding of RSM Technology Risk Consulting approach, methodology, and tools. Perform technology risk assessments and review control design and operating effectiveness. Conduct internal audit consulting activities, including audits over ERP systems, IT security, and other IT systems. Execute components of IT audits under offshore delivery models effectively and efficiently. Identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions. Ensure documentation complies with quality standards. Collaborate with RSM consulting professionals, supervisors, and senior management in the U.S. daily. Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients. Provide timely, high-quality client service, coordinating the development and execution of the consulting work plan and client deliverables. Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing integrated service delivery. Ensure professional development through ongoing education. Job Requirements B.Tech/MCA/MBA with 0-3 years of relevant experience in Information Technology/Security Controls, SSAE18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Intermediate knowledge of financials, operations, and technology and its related risks. Good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security, and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word, and PowerPoint. MS Visio skills to develop process and data flow diagrams. Strong multi-tasking and project management skills. Excellent verbal and written communication (English) as this is a client-facing role requiring frequent communications with RSM International clients.

Role & responsibilities Strong understanding of ITGC, ITAC, SOC reports, and working knowledge of Audit tools & ServiceNow (SNOW) • Exposure to SOX, NIST 800-53, ISO 27000 series standards. Ability to support and document audit findings including action plans, remediation timelines, and closure tracking. Comfortable working from office/client location and in shift-based schedules Strong communication, stakeholder management, and project management skills Candidates holding CISA, CISM, ISO 27001 certifications will have an added advantage Preferred candidate profile Educational Background: Graduation / B.E. / B. Tech in any specialization Required Experience: 1-8 years in IT Audits, including ITGC, SOX / ICFR / IFC / SAS 70 / SSAE / SOC. Experience with IT Financial Audit, Business Automated Controls, and IT Risk Consulting or other compliance/regulatory audits. Perks and benefits How you'll grow At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there is always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their careers Explore Deloitte University, The Leadership Center. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you

Perform testing of IT Application Controls, IPE, and Interface Controls through code reviews, IT General Controls review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster RecoveryPerform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk Control Matrix Perform business process walkthrough and controls testing for IT Audits Performing planning and executing audits, including - SOX, Internal Audits, External AuditsConducting controls assessment in manual/ automated environmentPrepare/Review of Policies, Procedures, SOPsMaintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables Demonstrate a thorough understanding of complex information systems and apply it to client situations Use extensive knowledge of the clients business/industry to identify technological developments and evaluate impacts on the work to be performed Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding project s progress Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status

Role Overview: We are seeking an experienced Audit and IT Control Compliance Professional to join our team in Chennai. In this role, you will be responsible for ensuring that the organization's financial operations and IT systems comply with internal and external audit standards and regulatory requirements. You will also manage compliance with IT controls, including security processes, vulnerability management, patching, and ensuring adherence to industry best practices.Key Responsibilities:- Perform audits and assessments of financial systems and IT operations, identifying compliance gaps and proposing effective solutions.- Coordinate internal and external audits related to IT controls, ensuring timely completion and addressing audit queries effectively.- Review financial data and IT systems to ensure compliance with established audit standards and best practices.- Ensure compliance with regulatory requirements such as SOX, GDPR, ISO 27001, and other relevant standards.- Conduct assessments and reviews of IT controls, including access controls, change management, patch management, and vulnerability management.- Identify areas of improvement in security processes such as patching, security vulnerabilities, and risk mitigation.- Monitor and report on the status of compliance with internal IT policies and external regulatory requirements.- Implement and maintain IT control frameworks and ensure that IT policies, procedures, and practices align with corporate governance.- Collaborate with IT and security teams to assess, test, and validate security controls related to patch management, vulnerability remediation, and risk management.- Participate in security audits, ensuring compliance with security standards and protocols.- Develop and maintain documentation and records for audits, ensuring a traceable and transparent process.- Recommend improvements and assist in the implementation of security measures to minimize risk and protect business-critical data.- Communicate audit findings, issues, and concerns effectively with senior management and relevant stakeholders.- Create clear and concise audit reports detailing findings, recommendations, and required actions to maintain compliance.- Provide expert advice to business units on the implementation of best practices for IT controls and security measures.- Assist in the development of compliance and audit strategies to improve overall business operations.- Stay current with industry trends, regulatory changes, and audit methodologies to ensure continuous improvement in compliance efforts.- Recommend and support the implementation of best practices to improve overall audit and IT control processes.- Support the ongoing training of staff and stakeholders on compliance procedures and security measures.- 5+ years of experience in audit and IT control compliance in a corporate or consultancy environment.- Experience conducting audits in areas such as financial systems, IT controls, and security operations.- Familiarity with regulatory frameworks, including SOX, GDPR, ISO 27001, and NIST.- Experience in identifying, managing, and mitigating security vulnerabilities and ensuring compliance with security processes like patching and risk management.- Strong communication skills, both written and verbal, with the ability to interact with senior management and stakeholders effectively.- Excellent problem-solving abilities and analytical thinking skills.- Detail-oriented and able to maintain accuracy while working with large datasets and complex systems.- Ability to work independently and as part of a team in a fast-paced environment.- Strong organizational skills with the ability to manage multiple priorities and deadlines effectively

Security Risk and Compliance Expert will be instrumental in shaping the global Information Security Management System (ISMS) within our Group Security team. This role involves engaging with various Business Groups and Corporate Functions to identify and manage information security risks, ensuring compliance and enhancing our security posture. Facilitate risk assessments, develop training, and contribute to the continuous improvement of security policies and tools. Enhance the overall security and compliance of services provided to our customers. You have: Master's or bachelor's degree in computer science, security engineering, or equivalent 5+ years of experience in information security in a multinational organization. Solid understanding of information security processes and technologies Practical knowledge of ISO/IEC 27001:2022 standard implementation Excellent documentation and communication skills It would be nice if you also had: Knowledge of security standards like CSA CCM, NIST CSF, NIS2, and SOC2 Experience delivering information security training Familiarity with RSA Archer and Microsoft Power BI or other GRC tools Certifications in information security (e.g., CRISC, CISSP and ISO 27001 LI/LA) Implement and operate the global Information Security Management System (ISMS) to enhance overall security and compliance Conduct risk assessments with global stakeholders to evaluate and report information security risks Develop and maintain the information security risk register, tracking mitigation progress and presenting reports to stakeholders Provide recommendations for security risk mitigation strategies tailored to different business groups Create, update, and maintain ISMS documentation and a repository of reports and audit records Facilitate training sessions to educate employees on ISMS practices and promote a strong security culture Collaborate with cross-functional teams to identify evolving security trends and compliance requirements Contribute to the continuous improvement of Nokia ISMS and related tools, utilizing KPIs to measure effectiveness

Audit Management: Coordinate and support internal and external audits, including evidence collection, control testing, and remediation tracking. Serve as the secondary point of contact for auditors and third-party assessors. Maintain audit logs, findings, and corrective action plans. Compliance Oversight: Monitor and ensure compliance with industry regulations and internal security policies. Map controls and processes to multiple compliance frameworks (e.g., NIST, ISO, SOC 2, HIPAA). Track evolving compliance obligations and help update policies accordingly. Access Management: Support access management processes Coordinate and drive periodic user access reviews. Business Continuity & Disaster Recovery (BCDR) Collaborate with IT, operations, and business units to develop and maintain BCDR plans. Coordinate and conduct periodic BCDR tests, document results, and track corrective actions. Evaluate critical business processes to identify single points of failure and propose continuity strategies. Ensure BCDR plans align with compliance requirements and organizational risk appetite. Maintain an inventory of critical assets and dependencies required for continuity and recovery. Policy Development & Enforcement: Assist in developing, updating, and enforcing information security policies, procedures, and standards. Ensure policies align with compliance frameworks and are effectively communicated across the organization. Documentation & Reporting: Maintain detailed and organized documentation of security controls, evidence, and compliance artifacts. Create reports and dashboards for leadership on compliance status and audit readiness. Other assignments as required to support the security, compliance, and resilience goals of the organization. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Bachelor’s degree in Cybersecurity, Information Systems, Risk Management, or related field. 3+ years of experience in information security, with a focus on compliance and audits. Hands-on experience supporting one or more compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, NIST). Strong understanding of security controls and risk management practices. Strong understanding of network, system, and application security principles. Strong knowledge of risk management principles and audit processes. Excellent analytical, problem-solving, and communication skills. Preferred technical and professional experience Strong attention to detail and organizational skills. Excellent written and verbal communication. Ability to manage multiple audits and compliance initiatives simultaneously. Comfortable working with technical and non-technical teams.

Job Title : IT Audit Compliance Lead Department : Information Technology , No of Vacancy : 1 Location : Thrissur , Kerala Experience required : 8- 13 years Responsibilities : • To drive and supervise IT related audits with internal and external stake holders ensuring successful end to end audit cycle. • Supervise and guide audit team at IT Dept and ensure they meet assigned tasks in prompt and efficient manner. • Managing and coordinating major audits such as RBI CSITE IT Audit, IS Audit (external & Internal), Statutory audit, vendor audits etc. • Coordinating with external auditors on the audits conducted in IT Department and providing responses to audit queries / remarks and providing added evidence requested by auditors. • Conducting discussion on draft audit reports for finalization of the same with the auditors . • Escalating delays in closure/response with SI and other internal or external stake holders. • Participation of various discussions on audit interviews and also on determining closing timelines and methods. • Participating in various committees like IT Steering Committee, ISGC, ACE, on need basis. • Timely provision of ATRs for Committees. • Sending Audit dash boards to top management. • Preparation of vertical related notes to ED and various Committees. • Participating in Regulatory change management meeting with SI for following up of audit related regulatory changes. • Work with IT Leads and Process Owners to step up compliance on audit observations and closing the same. • Responsible for establishing, maintaining, coordinating, and overseeing Audit, compliance with policies and procedures regarding the confidentiality, integrity, and security of information assets. Key Competencies : • Intermediate level knowledge on IT & InfoSec aspects. • Strong knowledge on MS Office package • Data Analysis and Data interpretation skills • Good communication and presentation skills Qualification Required : MCA / B Tech in IT with all round IT exposure of 7+ years Note: InfoSec/ IT-Audit related certifications like DISA, CISA preferred

Perform testing of IT Application Controls(ITAC), IPE, and Interface Controls through code reviews, IT General Controls(ITGC) review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster Recovery Perform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk & Control Matrix. Perform business process walkthrough and controls testing for IT Audits. Performing planning and executing audits, including: Information Security reviews Information Technology Infrastructure reviews Application reviews Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed Risk Based IT Internal Audit for Financial Services Entities IT SOX 404 Controls Testing, Quality Assurance Internal Financial Controls related to IT General Controls as part of Financial Statements Audits Business Systems Controls / IT Application Controls Auditing Emerging Technologies such as Cloud Security, Intelligent Automation, RPA, IoT etc. Working knowledge of programming languages(C/C++/Java/SQL)