436 It Audit Jobs - Page 18

Monitoring systems process flow and controls Risk assessment in system controls Identifying and reporting the gaps in the system controls Analyze system logs, configurations, and security settings for risk indicators. Overall review of Operations Risk and Issues highlighted in Hind sighting Troubleshoot operational issues and coordinate with relevant departments for resolution Recommend and assist in the implementation of risk mitigation strategies and security controls Create and maintain documentation for risk findings, mitigation plans and compliance reports Monitor changes in regulatory and compliance requirements and assess their impact on existing systems Co-ordination with field risk team on process improvements and fraud control Collaborate with IT, legal, Audit and Business units to align risk management activities with business goals Participate in incident response and root cause analysis of security related incidents Assist in the development and review of IT policies and risk frameworks Monitor control systems to detect and resolve anomalies in real time Analyse system performance data to identify trends and areas for improvement Support the design and implementation of control system enhancements Experience in BFS - Banking Liability products / URC added advantage Understanding PSL segment Exposure to Information Security will be value addition Additional Qualification: CA Inter / CISA/CRISC/CISM

About the role: The global Identity Access Management team is passionately serving our stakeholders while evolving best practices. As an Identity Access Analyst , you have a pivotal operational role to provide and deprovision system access. You have an equally crucial role to partner collectively with stakeholders to mature, streamline, and automate Identity and Access Management procedures for Blackbaud. What you’ll do Ensure appropriate Control through timely removal of unnecessary or inappropriate system access? Expediently provision approved access, often utilizing evolving Role Based Access Controls (RBAC), for Blackbaud systems to prevent excessive permissions and rights. ?? Proactively expand approved RBAC roles through analysis, recommendation and adoption/rollout. Analyze and resolve access issues, coordinating with system owners or technical support resources as necessary. Participate in ongoing audits and assessments, and assist with implementation of audit or compliance recommendations? Develop and maintain detailed documentation on standard operating procedures, system configurations, and technical settings for internal team use, end user support? Identify , evaluate and recommend opportunities to eliminate, streamline, and automate access management practices. Partner with colleagues including application owners, cloud engineers, cyber security SMEs, etc. to effectively execute improvements based on expected value. Generate reports to perform in-depth analysis and data collection for issues associated with IAM? What you’ll bring 2 years of experience in Identity or Access Management?? Tireless adherence and attention to appropriate IT general computing controls? Ability to understand, work with and where appropriate leverage various technologies including PowerShell , ServiceNow, SailPoint's Identity-Now, Active Directory, EntraID , Salesforce, Workday, etc. Practical experience with SCA, ITIL, COBIT, NIST and/or other security and control frameworks? Stay up to date on everything Blackbaud, follow us on Linkedin, X, Instagram, Facebook and YouTube ? Blackbaud is a digital-first company which embraces a flexible remote or hybrid work culture. Blackbaud supports hiring and career development for all roles from the location you are in today! Blackbaud is proud to be an equal opportunity employer and is committed to maintaining an inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.

Cyber and 3rd party risk manager About Amgen Amgen harnesses the best of biology and technology to fight the world’s toughest diseases, and make people’s lives easier, fuller and longer. We discover, develop, manufacture and deliver innovative medicines to help millions of patients. Amgen helped establish the biotechnology industry more than 40 years ago and remains on the cutting-edge of innovation, using technology and human genetic data to push beyond what’s known today. What you will do Role Description This is a lead role to support the risk management product team in identifying, analyzing, and mitigating IT-related risks to the organization. This role will involve working closely with various departments to ensure that risk controls are in place, policies are adhered to, and security standards are met. The IT Risk Analyst will assist in developing and maintaining risk management frameworks, performing assessments, and supporting regulatory compliance efforts. Roles & Responsibilities Risk Management Leadership Support the global risk management and third-party organization in leading a team of risk analysts performing tasks related to the global risk assessment processes. Risk Identification and Assessment: Conduct risk assessments to identify vulnerabilities in IT systems, processes, and policies. Assist in the identification and evaluation of risks associated with third-party vendors and partners. Maintain the IT risk register, documenting risks, issues, and remediation actions. Risk Mitigation and Monitoring: Recommend risk mitigation strategies and implement risk management controls across IT infrastructure. Collaborate with IT, cybersecurity, and business teams to track and resolve identified risks and vulnerabilities. Monitor and report on the effectiveness of existing IT risk controls and recommend enhancements as needed. Compliance and Regulatory Support: Ensure compliance with relevant industry standards and regulatory requirements (e.g., GDPR, SOX, PCI-DSS, NIST). Assist in the preparation for audits by internal and external parties, providing documentation and evidence of IT risk management practices. Support the development and implementation of IT governance, risk, and compliance frameworks. Vendor Risk Management: Conduct vendor risk assessments, ensuring third-party services and products align with internal risk and security policies. Regularly review vendor performance and risk exposure, working with procurement and legal teams as necessary. What we expect of you We are all different, yet we all use our unique contributions to serve patients. The [vital attribute] professional we seek is a [type of person] with these qualifications. Basic Qualifications and Experience Education: Bachelor’s degree in information technology, Cybersecurity, Risk Management, or a related field. Certifications such as CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional) are highly desirable. Experience 4-6 years of experience in IT risk management, IT auditing, or information security. Hands-on experience with risk management tools and frameworks (e.g., ISO 27001, NIST, COBIT). Skills and Competencies: Strong understanding of IT infrastructure, systems, and security best practices. Ability to assess technical and business risk related to information systems. Excellent problem-solving, analytical, and communication skills. Ability to communicate complex risk concepts to non-technical stakeholders. Ability to assess and interpret security-related clauses in third-party contracts, such as Security Requirements Schedules (SRS) Familiarity with regulatory frameworks and compliance standards (e.g., GDPR, HIPAA, SOX, PCI-DSS). Technical Knowledge: Proficiency with risk management tools, GRC (Governance, Risk, and Compliance) software, and security incident management tools. Experience with security controls related to networks, databases, and cloud environments. Soft Skills: Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team oriented, with a focus on achieving team goals Strong presentation and public speaking skills Collaboration with global teams What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. Apply now for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Position: System Internal Auditor Location: East Africa Experience: +5 Years of experience in IT auditing, risk management, cybersecurity, or internal controls. Qualification: Bachelors degree in information technology, Computer Science, or relevant field. Key Responsibilities: Assess IT Systems : Review and evaluate the organization's IT infrastructure to ensure systems operate correctly and securely. Review Policies and Procedures : Examine IT-related policies, procedures, and standards to ensure they are up-to-date and effective. Ensure Compliance : Verify that IT operations comply with legal regulations and internal policies. Conduct Risk-Based Audits : Plan and perform audits focusing on areas with higher risks, such as cybersecurity threats. Report Findings : Document audit results, highlighting issues found, their implications, and recommendations for improvement. Collaborate with Teams : Work with IT, compliance, and risk management teams to strengthen IT controls and governance frameworks. Provide Training : Educate staff on IT security best practices and risk management. Monitor Third-Party Risks : Assess and manage risks associated with third-party vendors and cloud services. Promote Continuous Improvement : Implement tools and practices that allow for ongoing monitoring and improvement of IT systems. **If interested, kindly send your CV to chhavi@achyutam.co.in** Note: Apply only if interested to relocate to Africa and meet the above criteria.

Role & responsibilities Deliver and present control evidence to internal and external auditors. Contribute to the planning and exertion of Audit findings remediation. Control evidence quality analysis. Work among various teams within the Identity and Access Management (IAM) department to validate, analyze and articulate user access controls. Develop automated capabilities that support control monitoring, evidence gathering and reporting. Qualifications Experience as an Internal Auditor is preferred Proficiency in scripting and programming languages (e.g., Python, Java, PowerShell, SQL, etc.) is preferred Hands-on experience with Identity Governance tools such as Saviynt, Aveksa, or Active Directory preferred Experience in data analytics and/or data mining Proficiency in Excel Basic experience working in the fields of Identity and Access Management and Privileged Access Management

Role & responsibilities As Identity Audit and Control Analyst, you will be responsible for facilitating control gap identification, risk remediation, and proactive control monitoring. Responsibilities include, but are not limited to, the following: Deliver and present control evidence to internal and external auditors. Contribute to the planning and exertion of Audit findings remediation. Control evidence quality analysis. Preferred candidate profile Experience as an Internal Auditor is preferred Proficiency in scripting and programming languages (e.g., Python, Java, PowerShell, SQL, etc.) is preferred Hands-on experience with Identity Governance tools such as Saviynt, Aveksa, or Active Directory preferred Experience in data analytics and/or data mining

SAP, Networking, software, hardware, Audits etc

What you will do Lets do this. Lets change the world. In this vital role you will be part of the Governance, Risk and Compliance (GRC) team within Cybersecurity and Digital Trust (CDT). This team is part of Amgen's technology team. In this position you are responsible for enabling Information Technology Sarbanes-Oxley (SOX) Compliance. You are required to collaborate with the IT SOX Compliance Manager, service owners, engineers, and other Amgen internal partners such as Finance, Compliance, Corporate Audit and Law department to develop, maintain, and improve Amgens Information Compliance. Roles & Responsibilities: You will bring forth out of the box thinking, an agile approach and domain expertise and highly developed understanding of IS controls to empower IS process and product owners to build and maintain IT controls and solutions with compliance, by design. You will perform the following activities, and any additional tasks required to attest that our systems, applications and infrastructures subjected to different aspects of compliance are able to verify adherence efficiently and effectively. Own and run the ITGC SOX Controls Management and Compliance function Deep understanding of industry standard regulatory compliance frameworks Exceptional interpersonal skills, soft skills and presentation skills Prior experience in working with and presenting to external auditors Experience working with regulatory tools and applications Coordinate, collaborate, and communicate with IT personnel across the organization, audit committee and regulatory compliance teams to ensure that our IS SOX process is followed as required by our organization Ability to demonstrate solid sense of ownership, detail orientation, keen focus on quality and setting clear expectations In charge of working with process owners, internal, and external auditors in support of our quarterly certification process Collaborate and support any SOX evidence request efforts made by Internal and External Audit teams Develop and promote educational mentorship resources that will help facilitate new owners understanding of the Sarbanes-Oxley Act and their responsibilities Review documentation to identify control gaps Create and author documentation and training materials Participate in walkthroughs with system, service, and process owners Review and analyze SOX systems and applications showing in Configuration Management Database (CMDB) for SOX applicability and ensure all components are collected and accounted for Deep understanding of IT infrastructure and hands on experience in Information Technology Infrastructure Library (ITIL) and System Development Life Cycle (SDLC) Assess the risks of IT audit findings, identify mitigating controls and incorporate in IT process framework continual improvement Map regulatory requirements across functions to identify compliance and audit response efficiencies while liaising with internal auditors and IT service owners to ensure information assurance processes are mature, and outcomes are effective by appropriately addressing and raising relevant risks to policy and regulatory compliance Maintain awareness of changing technology environments, implementation methodologies and frameworks used to support responsible functions (e.g., AI, machine learning, Dev Ops, etc.) Ensure quality of work and timeliness across different functional deliverables and take ownership of issues and coordinate through to completion What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Masters degree with 4 to 6 years in Information Technology or Cybersecurity OR Bachelors degree with 6to 8 years experience inregulatory compliance and auditing Functional Skills: Must-Have Skills: 4+ years of IT audit, Information Technology / Security control assurance or enterprise IT compliance experience Working knowledge of Information Governance principles and Information Security principles: confidentiality, integrity, and availability Knowledge of international standards for Information Technology and Information Governance Experience working with various technologies, IT frameworks and methodologies Proven ability to understand the concepts of new cloud technologies and other paradigms such as emerging Big Data technologies, lean methodologies to propose appropriate controls and compliance mentorship Strong written and verbal communication, including the ability to explain technical matters to a non-technical audience Possess strong organizational and collaboration skills Strong written and verbal communication, including the ability to explain technical matters to a non-technical audience Possess strong organizational and collaboration skills Working in large / global corporate environments involving multiple businesses Good-to-Have Skills: 3+ years of experience within health, biotechnology/pharma or other regulated industries Experience working in Agile and/or DevOps teams (SCRUM) Working experience with Governance, Risk and Compliance (GRC) tools. Exceptional teamwork encompassing multi-functional teams, peer relationships, informing, understanding and appreciating differences Strong ability to convey and influence complex information compliance, risk and security issues in a manner that is easily understood and actionable Ability to effectively facilitate and inspire change within the organization. Developing / delivering presentations to large audiences and at all levels within the organization Professional Certifications: Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) SANS Global Information Assurance Certifications (GIAC) Soft Skills: Good communication and collaboration skills, particularly when working with global teams. Ability to manage and prioritize tasks effectively in a high-pressure environment. Critical thinking and problem-solving abilities, especially in incident response situations. A commitment to continuous learning and knowledge sharing.

ANZEN Technologies Private Limited. stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of End-to-End security services and consultancy, tailored to safeguard critical infrastructure installations, elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors. Position : Senior Associate Consultant Key Responsibilities: GRC Strategy and Planning: Develop and implement comprehensive GRC strategies, policies, and procedures aligned with organizational goals and objectives. Define and prioritize GRC initiatives based on risk assessments, regulatory requirements, and industry best practices. Continuously evaluate and update GRC frameworks to adapt to evolving threats and compliance landscapes. Risk Management: Conduct risk assessments to identify, analyze, and prioritize risks across the organization. Develop risk mitigation strategies and controls to address identified risks effectively. Monitor and report on risk exposure and mitigation efforts to senior management and stakeholders. Compliance Management: Ensure compliance with relevant laws, regulations, and industry standards, such as GDPR, HIPAA, PCI DSS, etc. Monitor changes in regulatory requirements (SEBI, RBI, IRDAI etc) and assess their impact on the organization's compliance posture. Coordinate compliance audits, assessments, and certifications, and remediate any identified issues or deficiencies. Audit Management: Plan, coordinate, and oversee internal and external audit activities, including IT audits, compliance audits, and third-party audits. Develop audit plans, programs, and testing procedures to assess the effectiveness of controls and compliance with policies and regulations. Review audit findings, assess control deficiencies, and collaborate with stakeholders to develop and implement remediation plans. Monitor and track the progress of audit remediation efforts and report on the status to senior management and audit committees. Policy Development and Enforcement: Develop, review, and update information security policies, standards, and guidelines in alignment with regulatory requirements and industry best practices. Establish mechanisms for policy enforcement and monitor adherence to policies across the organization. Cross-Functional Collaboration: Collaborate with internal stakeholders, including IT, legal, finance, and operations, to integrate GRC principles into business processes and initiatives. Provide guidance and support to business units on GRC-related matters, including risk assessments, compliance requirements, and controls implementation. Training and Awareness: Develop and deliver GRC training programs and awareness campaigns to educate employees on their roles and responsibilities in maintaining compliance and managing risks. Foster a culture of compliance and risk awareness throughout the organization. Qualifications and Skills: Bachelor's degree in Information Security, Risk Management, Business Administration, or related field. Masters degree or relevant certifications (e.g., CISA, CISSP, CRISC, CISM) preferred. Minimum of 5 years of experience in governance, risk, and compliance roles, with a focus on information security and IT risk management, including audit management experience. Strong understanding of regulatory requirements and industry standards related to information security and data privacy (e.g., GDPR, HIPAA, ISO 27001). Proficiency in audit methodologies, risk assessment frameworks, compliance frameworks, and control frameworks (e.g., NIST Cybersecurity Framework, COBIT, ITIL). Excellent analytical, problem-solving, and decision-making skills. Effective communication and interpersonal skills, with the ability to collaborate with diverse stakeholders and influence change. Proven track record of leading GRC initiatives, conducting audits, and driving process improvements. Ability to work independently and manage multiple priorities in a fast-paced environment. Office Address : ANZEN Technologies Private Limited Akshar Business Park, H - 3025, 3rd Floor, Plot No. 3, Sector-25, Vashi, Navi Mumbai 400703 https://anzentech.com Immediate Joiner may apply

Minimum of 12 years of relevant compliance experience and cybersecurity knowledge 10+ years of security compliance audit experience would be important Ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk Required education Bachelor's Degree Preferred education Doctorate Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge 10+ years of security compliance audit experience would be important Ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

Job Requirements Design and execute the day-to-day activities of Information Technology (IT) audit engagements, with a focus on strategic, operational and regulatory/compliance related risks Plan activities related to development of audit program, and execution of internal audits and IT control assessments in the following areas: cybersecurity, IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cloud and third party risk, programs and projects, automation, General Information Technology Controls (GITCs) and application controls, and regulatory/compliance requirements Review clients' processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client management Contribute to IT Audit knowledge base and internal practice development initiatives Supervise and provide performance management for IT audit staff working on assigned engagements Write and present clear and concise reports and presentations containing meaningful observations and recommendations to clients, and document procedures performed and conclusions reached related to projects Support proposal and business development activities by assisting in the identification of new target clients, building business relationships with key executives, and developing/presenting proposals Provide oversight and leadership to team members regarding deliverables, project plans, and performance management while contributing to industry and regulatory publications, writing professional and thought leadership articles, and speaking at related conferences and seminars Mandatory technical & functional skills Bachelor's degree in an appropriate field from an accredited college/university; Master's degree from an accredited college/university is preferred Prior knowledge leading and executing risk-based IT-related internal audits and/or risk and control assessments, leveraging IT governance and control frameworks such as COBIT, NIST CSF, NIST 800-53, and ITIL and proficiency in core requirements and methodologies for SOX internal control programs Experience with IT Risk Management and three lines of defense frameworks CISA, PMP, CISSP or CRISC certification is preferred Key behavioral attributes/requirements Ability to work well independently as well as part of a team Driven and enthusiastic with a can-do attitude and a strong sense of ownership to get the job done in a pragmatic fashion