449 It Audit Jobs - Page 8

About The Role Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information ? Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails ? Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLA??s (90-95%), response time and resolution time TAT ? ? Mandatory Skills: Saviynt. Experience5-8 Years. Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.

Ready to shape the future of work At Genpact, we don&rsquot just adapt to change&mdashwe drive it. AI and digital innovation are redefining industries, and we&rsquore leading the charge. Genpact&rsquos AI Gigafactory, our industry-first accelerator, is an example of how we&rsquore scaling advanced technology solutions to help global enterprises work smarter, grow faster, and transform at scale. From large-scale models to agentic AI, our breakthrough solutions tackle companies most complex challenges. If you thrive in a fast-moving, tech-driven environment, love solving real-world problems, and want to be part of a team that&rsquos shaping the future, this is your moment. Genpact (NYSE: G) is an advanced technology services and solutions company that delivers lasting value for leading enterprises globally. Through our deep business knowledge, operational excellence, and cutting-edge solutions - we help companies across industries get ahead and stay ahead. Powered by curiosity, courage, and innovation, our teams implement data, technology, and AI to create tomorrow, today. Get to know us at genpact.com and on LinkedIn, X, YouTube, and Facebook. We are inviting applications for the role of Senior Manager, IT-SOX In this role, you will be responsible for delivering solution offerings primarily related to IT & Application Controls Assurance. Demonstrate IT operational risk knowledge/experience including design of effective control processes, development of test requirements and/or testing controls for effectiveness Responsibilities . Ensure client service delivery per the quality guidelines & methodologies. . Build and maintain client relationships by understanding and being responsive to client needs and ensuring high quality of deliverables. . Contribute to people and knowledge development initiatives by developing training material and conducting training . Demonstrate strong analytical thinking and communication skills including the ability to research and understand complex processes and effectively communicate them to interested parties . Demonstrate superior relationship building and relationship management skills Qualifications we seek in you! Minimum qualifications / skills . B.E., BTECH, MTECH, MCA, MBA . IT SOX, ITAC experience . SAP controls/audit experience . SOC and interface controls experience . IT audit experience preferred . CISA/CISM/ other risk certification including cloud security preferred Preferred qualifications / skills . Experiences in providing Risk & Advisory services to clients on SOX readiness, SOC, Internal audits, ITAC&rsquos, across Business Processes and ERPs and across Operating systems (Windows, UNIX, Mainframe), databases (HANA, Oracle, SQL), key reports. . Conducted SOC1 / SOC2 Readiness Assessment, compliance to COSO & COBIT Frameworks, IPE testing and interface controls testing . Supported clients / projects pertaining to Data Security & Privacy involving HIPPA, GDPR and PCI DSS . Performed Risk assessment, Controls Design, implementation, operating effectiveness reviews, including experiences of Control Rationalization and Automation . Reviews / Benchmarking of Policies and Procedures pertaining to SDLCs, Change management, Access Management, Backup management, etc . Built / reviewed Third-Party Risk Management Frameworks, including focused on Information Security, carried out Supply Chain Security assessments . Assisted organizations to set up process for data subject access rights in coordination with GDPR regulation, and mitigate risk with respect data leakage . Significant experience in managing large projects around IT and application controls assurance . Good understanding of ITGC and application control framework around ERPs and complex IT environment such as the system of engagement, digital tools, cloud application infrastructure . Able to lead a team and lead client conversations in recommending controls around digital implementation and regular status updates . Experience in working with the implementation team specifically to implement application configuration, interface, and business process controls . Experience in solution and practice development, lead conversations with internal business leads and sales partners to identify opportunities and avenues to embed required solution . In-depth knowledge/experience of business processes (AP/RTR/AR etc.), systems, and infrastructure including project management, change management, access management, and data processing operations such as job scheduling and monitoring, problem management, and backups Why join Genpact . Be a transformation leader - Work at the cutting edge of AI, automation, and digital innovation . Make an impact - Drive change for global enterprises and solve business challenges that matter . Accelerate your career - Get hands-on experience, mentorship, and continuous learning opportunities . Work with the best - Join 140,000+ bold thinkers and problem-solvers who push boundaries every day . Thrive in a values-driven culture - Our courage, curiosity, and incisiveness - built on a foundation of integrity and inclusion - allow your ideas to fuel progress Come join the tech shapers and growth makers at Genpact and take your career in the only direction that matters: Up. Let&rsquos build tomorrow together. Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values respect and integrity, customer focus, and innovation. Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a %27starter kit,%27 paying to apply, or purchasing equipment or training.

Project Role : Security Advisor Project Role Description : Provide enterprise-level advice to make organizations cyber resilient. Assist in navigating the complex landscape of cyber threats, ensuring robust digital asset protection while maintaining trust with stakeholders. Must have skills : Security Governance Good to have skills : NAMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Advisor, you will provide enterprise-level advice to make organizations cyber resilient. Your typical day will involve engaging with various teams to assess and address cyber threats, developing strategies for digital asset protection, and ensuring that stakeholders maintain trust in the organization's security posture. You will also be responsible for staying updated on the latest cybersecurity trends and best practices to effectively guide your organization in navigating the complex landscape of cyber threats. Roles & Responsibilities:-Perform required audits and tests related to the Business Continuity Plans-Develop plans to safeguard data and intellectual property against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs-Work with Accenture's global asset and security organizations to develop solutions for clients unique problems and help implement business continuity plans and align resources, as appropriate-Deliver on key metrics (SLAs and KPIs) and contractual requirements successfully to execute run and transform projects to ensure the quality of functioning of teams to optimize security measures-Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Governance.- Strong understanding of risk management frameworks and compliance standards.- Experience in developing and implementing security policies and procedures.- Ability to conduct security assessments and audits.- Familiarity with incident response planning and execution. -Active participation in hiring of talent, operating of projects in various type and scale, execute concepts and implementation strategies for various systems to ensure practical implementation of security standards across client and industries.-Understands requirements and participates in Solution Review, Client orals, Client visits etc. to represent Accenture to help client and provide solutions to clients needs.-Document and deliver security and emergency measures policies, procedures, and tests.-Conversant on multiple CyberSecurity domains like:Identity and Access Management, Network Security, Vulnerability Management (Infra and Applications), Cloud Security, Endpoint and Email Security, SOC\SIEM, Network Security, Risk & Compliance, Data Security independent of various tools, technologies and processes. Additional Information:- The candidate should have minimum 12 years of experience in Security Governance.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Convene the IS group meeting on a frequent basis Maintain minutes for all the IS group meetings and ensure the closure of action items Initiate and monitor the internal security audits on defined frequencies Analyze and verify findings and action plans of internal audit Present the findings and trend to top management Verify and analyze the information security incidents along with respective team and take appropriate action. Identify, measure, and analyze information security objectives of all the departments and projects Ensure information security risk assessment and action plan initiation are conducted on a regular basis for all the departments and projects. The critical information security risks and the status to be updated to top management Analyze and approve special permissions which are requested by the employees Ensure the regular reviewing of ISMS documents and make sure that the approved changes are updated in document. Monitor IT related events regularly and ensure that appropriate actions are taken. Ensure the network issues and glitches in the system are addressed on time by IT Monitor the Information security performance and execute the action plans where ever necessary and ensure that the proposed actions are taken care. Ensure the ISMS Awareness among employees are developed. Develop information security policy and get it approved by top management Develop a Business Continuity Plan along with the team members and get it approved by top management Frequently test the BCP and ensure appropriate actions are taken Ensure appropriate external Information Security communications are conducted by relevant team. Ensure applicable acts and policies of the organization are identified, detailed and appropriate actions taken to implement the same Ensure all department related security activities are taken care and support in case of any issues/ clarifications.

Shell has a requirement for ITGC Analyst . Based on JD, it appears to be more on Risk Management/Environment Governance. Can you suggest a primary skill to be used for this role and add the respective representative from TA team for this role. As an ITGC Testing Analyst, you will support management in assessing the IT control environment. You will identify and report control weaknesses, track remediation action plans, and monitor the quality of remediation efforts.. More specifically, your role will include: ITGC Testing: Conduct testing of IT General Controls (ITGCs) to ensure compliance and effectiveness. ITC Testing: Perform testing of IT Components (ITCs) to validate data integrity and accuracy. Test Scripts: Developing and executing test scripts, documenting test procedures, and evaluating results to identify control gaps. Documentation: Maintain detailed documentation of testing procedures, findings, and recommendations. Reporting: Ensure adherence to the approved assurance plan and provide regular updates on progress. Issue Management: Advise IT operations on risk management and contribute to remediation plans for deficient controls. : Work with the offshore testing team to assess the design and effectiveness of IT controls. Stakeholder Communication: Communicate effectively with stakeholders to ensure understanding and alignment with assurance processes and risk management strategies. Tool Management: Oversee tools and reports used by the team and stakeholders, ensuring accuracy and updates based on business needs. Experience: IT Audit Expertise: Proven experience in IT audits or ITGC testing. Technical Skills: Certifications: Relevant certifications like ISO 27001, CISA, CISM, and CRISC or having a strong desire to work towards obtaining such certifications. Information Risk Management: Good understanding of information risk management and associated processes. Application Proficiency: Experience with widely used applications such as SAP, Power Platform, and Cloud technologies is desirable. Continuous Improvement: A mindset geared towards continuous improvement and project management experience. Work Schedule: Mid-Shift: Working hrs will be IST 12 noon to 9 pm. Shift allowance will be eligible per organization po Shell has a requirement for ITGC Analyst . Based on JD, it appears to be more on Risk Management/Environment Governance. Can you suggest a primary skill to be used for this role and add the respective representative from TA team for this role. As an ITGC Testing Analyst, you will support management in assessing the IT control environment. You will identify and report control weaknesses, track remediation action plans, and monitor the quality of remediation efforts.. More specifically, your role will include: ITGC Testing: Conduct testing of IT General Controls (ITGCs) to ensure compliance and effectiveness. ITC Testing: Perform testing of IT Components (ITCs) to validate data integrity and accuracy. Test Scripts: Developing and executing test scripts, documenting test procedures, and evaluating results to identify control gaps. Documentation: Maintain detailed documentation of testing procedures, findings, and recommendations. Reporting: Ensure adherence to the approved assurance plan and provide regular updates on progress. Issue Management: Advise IT operations on risk management and contribute to remediation plans for deficient controls. : Work with the offshore testing team to assess the design and effectiveness of IT controls. Stakeholder Communication: Communicate effectively with stakeholders to ensure understanding and alignment with assurance processes and risk management strategies. Tool Management: Oversee tools and reports used by the team and stakeholders, ensuring accuracy and updates based on business needs. Experience: IT Audit Expertise: Proven experience in IT audits or ITGC testing. Technical Skills: Certifications: Relevant certifications like ISO 27001, CISA, CISM, and CRISC or having a strong desire to work towards obtaining such certifications. Information Risk Management: Good understanding of information risk management and associated processes. Application Proficiency: Experience with widely used applications such as SAP, Power Platform, and Cloud technologies is desirable. Continuous Improvement: A mindset geared towards continuous improvement and project management experience. Work Schedule: Mid-Shift: Working hrs will be IST 12 noon to 9 pm. Shift allowance will be eligible per organization po

10+ yrs exp IT & IT Security Certified in ISO 27001: 2013 Enterprise IT Governance including knowledge of IT risk management and controls Strong power point presentation creation and design Func as SPOC for IT GRC & Audits Team Leading Exp preferable Required Candidate profile Manage establishment of operate & tech decision-making process to ensure IT svc are align to organization priorities & risk appetite Prep sec dashboards with KPIs, sec metrics for CISO presentations Perks and benefits Mediclaim + additional 10% performance bonus

Job Summary The Internal Auditor plays a key role in a dynamic, Global Financial Technology (FinTech) Company, partnering with the business to ensure risks are recognized and appropriately managed. The role is responsible for executing audits as prescribed in Internal Audits audit plan and works extensively the business to learn, document, and/or test processes to identify opportunities for improvement or gaps in controls and/or company policies. Responsibilities Develop a comprehensive understanding of the Company s business, risk landscape, financials, processes and control environment Conduct audits for compliance with policies, standards, key controls, regulatory requirements etc. ,including testing, analyzing evidence and identifying issues Evaluate the design and effectiveness of controls to manage risk within risk appetite and tolerance Validate exceptions including quantifying risks, investigating root causes, and working with owners to establish action plans Evaluate significant corporate initiatives, processes, operations, implementations, M&A, etc. to ensure appropriate risks and controls have been considered Recommend improvements to systems, procedures and processes to minimize risks, improve efficiency, or generate cost savings Prepare work papers to adequately document audit work performed and to support conclusions reached Prepare formal written reports expressing opinions, review results with management and perform ongoing tracking and monitoring of remediation efforts Maintain knowledge of current information technology, InfoSec, auditing practices, industry trends, etc. Supervise, train, and mentor junior auditors Participate in department initiatives to further advance the Internal Audit function Perform special projects as needed Knowledge, Skills, Abilitie s High ethical standards and values with ability to handle confidential / sensitive issues and information with the highest degree of professional responsibility Ability to handle multiple priorities; work under pressure and time constraints Solid interpersonal skills with the ability to build relationships and gain the confidence and respect of internal and external stakeholders Experience with interviewing techniques that enable primary risk identification Knowledge of IT General Controls auditing; IT Application Controls reviews; auditing concepts, approaches, tools and technique; risks and controls; IT and Security concepts, standards, frameworks and best practices; Business and IT process flows Experience delivering IT audit projects, risk assessments, system reviews, IT controls testing Strong analytical skills with keen attention to detail Ability to define problems, collect data, establish facts, and draw valid conclusions Ability to read, analyze, and interpret technical information, reports, documents and diagrams Strong communications and presentation skills Project management skills with ability to manage multiple projects Willingness to obtain professional certification, such as Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA) Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or similar Proficiency in basic PC applications (MS Excel, Word, PowerPoint, Visio) Ability to travel globally as needed for audits ( Required Experience :3-5Yrs 2+ years of IT Audit, Information Security or other relevant experience Big 4 experience is added advantage Degree OR Post graduate in information technology or other related field (e.g., information systems, business intelligence, computer science, MCA,BCA etc.) IT Internal Audit experience OR experience under Enterprise risk management Years of experience in public accounting, consulting, ERM, Audit, Technology, Information Security, or relevant field Professional certification, such as Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or similar Experience with eGRC tool, technology-based auditing techniques, etc. Experience working in FinTech, Banking or Technology industries We are proud to offer a range of incentives to our employees worldwide. These benefits are available to everyone, regardless of grade, and reflect the values we uphold: Flexibility: Enjoy unlimited vacation, based on your location and business priorities. Hybrid working arrangements, and inclusive policies such as paid time off for voting, bereavement, and sick leave. Well-being: Access confidential one-on-one therapy through our Employee Assistance Program, unlimited personalized coaching via our coaching app, and access to our Gather Groups for emotional and mental support. Medical, life & disability insurance, retirement plan, lifestyle and other benefits* ESG: Benefit from paid time off for volunteering and donation matching. DEI: Participate in multiple DE&I groups for . We learn from one another, embrace and celebrate our differences, and create an environment where everyone feels safe to be themselves. Be unique, be exceptional, and help us make a difference at Finastra!

1.Governance and Policy Development oDevelop and implement governance frameworks, policies, and procedures to ensure alignment with industry standards and organizational objectives. oRegularly review and update GRC policies based on regulatory changes, client requirements, and industry best practices. oCreate and maintain documentation for governance, risk, and compliance initiatives, ensuring accessibility and adherence across the organization. 2.Client Due Diligence and Risk Assessment oManage and respond to client due diligence and security assessments, providing accurate, timely information about the organization's risk management, security posture, and compliance practices. oCoordinate with relevant teams to compile necessary documentation and evidence to address client inquiries regarding data protection, privacy practices, and information security controls. oConduct risk assessments based on client requirements, identifying and addressing potential gaps to ensure continued alignment with client security expectations. 3.Vendor Risk Assessment and Management oConduct thorough vendor risk assessments to evaluate the security posture and compliance of third-party vendors. oCollaborate with the procurement and legal teams to review vendor agreements, ensuring they meet the organizations GRC and security standards. oMonitor and maintain the vendor risk register, tracking vendor compliance, and conducting periodic reassessments for critical vendors. 4.Risk Assessment and Mitigation oLead and conduct internal risk assessments, identifying and analysing potential risks to the organizations assets and operations. oDevelop and implement risk treatment plans in collaboration with stakeholders, tracking and reporting on risk mitigation efforts. oMaintain the organizational risk register and work with cross-functional teams to ensure continuous monitoring and timely response to emerging risks. 5.Compliance Management and Regulatory Oversight oEnsure compliance with relevant standards and regulations, such as ISO 27001 (ISMS), ISO 27701 (PIMS), ISO 27017, ISO 27018, ISO 42001 (AI oManagement Framework), CCPA, NIST, GDPR, PCI-DSS, CIS Benchmarks. oSupport internal and external compliance audits, control testing, and regulatory assessments, and coordinate with departments to gather required documentation. oStay updated on regulatory requirements and communicate changes in compliance obligations to relevant stakeholders. 6.Control Implementation and Monitoring oDesign, implement, and assess controls to ensure they align with GRC policies and regulatory requirements. oConduct regular control testing and monitor control effectiveness, identifying and remediating any deficiencies. oCollaborate with teams to improve and strengthen internal controls across the organization. 7.Incident Response and Analysis oSupport the incident response process by providing guidance during incidents and conducting post-incident reviews to ensure alignment with GRC frameworks. oRegularly review and update incident response plans and playbooks, incorporating lessons learned from security incidents to enhance future response efforts. 8.Training, Awareness, and Stakeholder Engagement oDevelop and deliver training sessions on GRC-related topics, increasing organizational awareness of risk, compliance, and security responsibilities. oCollaborate with Legal, IT, HR, and other departments to ensure integrated and effective GRC practices. oCommunicate risk assessment results, policy updates, and compliance requirements to stakeholders and senior management. 9.Documentation, Reporting, and Metrics oMaintain comprehensive documentation for all GRC activities, including client and vendor assessments, internal audits, risk assessments, and compliance reviews. oCreate and present reports, metrics, and dashboards to communicate GRC status, control effectiveness, and compliance progress to senior management. oDocument and track risk assessment outcomes, client inquiries, and remediation actions to ensure transparent and effective risk management practices.

Assist in the development, review, and maintenance of IT security policies, procedures, and documentation. Support internal audits and assessments aligned with frameworks such as ISO 27001, NIST, SOC 2, and GDPR. Participate in risk assessments to identify and track remediation efforts for security and compliance risks. Help maintain compliance registers, risk logs, and GRC tools. Work with cross-functional teams to collect evidence for compliance and audit activities. Monitor changes in regulatory and compliance requirements relevant to the organization. Assist with third-party vendor risk management and due diligence reviews. Contribute to awareness programs to promote a culture of compliance and security.

Job Summary: We are looking for an experienced IT Audit Specialist with a proven track record in Big 4 consulting firms (Deloitte, PwC, EY, or KPMG). The ideal candidate must hold a valid CISA or CISSP certification and demonstrate deep expertise in IT general controls (ITGC), risk management, cybersecurity, and compliance. This role is focused solely on IT audits and advisory, not statutory or financial audits. Key Responsibilities: Lead and perform IT audits, including ITGC testing, automated controls reviews, and application audits across various environments. Evaluate cybersecurity controls, risk mitigation practices, and IT governance processes. Conduct assessments for SOX IT compliance, SOC 1/SOC 2, GDPR, and other regulatory frameworks. Work closely with internal stakeholders and client teams to identify control weaknesses and recommend remediation strategies. Participate in risk assessments, control design evaluations, and implementation of industry best practices. Document findings, prepare reports, and present results to senior leadership or client executives. Stay updated on emerging IT risks, technologies, and industry regulations to enhance audit effectiveness. Required Qualifications: 6+ years of IT audit experience with exclusive background in Big 4 firms (Deloitte, PwC, EY, KPMG). Professional certification: CISA (required); CISSP or other security certifications are a plus. Strong knowledge of ITGCs, application controls, and security frameworks (COBIT, NIST, ISO 27001). Experience in ERP systems audits (e.g., SAP, Oracle) and cloud environment assessments (AWS, Azure, GCP). Strong analytical, documentation, and communication skills. Ability to manage multiple projects and meet tight deadlines in a client-facing environment. Preferred Skills: Experience with SOC 1/SOC 2 reporting, vulnerability assessments, or data privacy audits. Familiarity with tools like Archer, ServiceNow GRC, or audit analytics platforms. Exposure to IT risk advisory or cybersecurity transformation projects.

Headquartered in Canada with locations across the United States and around the globe with a footprint on six continents, Bulletproof, a GLI company has decades of technology, security, and compliance expertise. Bulletproofs work in the security space has been recognized nationally and globally with Microsofts global Security Partner of the Year in 2021 and five Microsoft Canada Impact Award wins from 2019 to present-day. At Bulletproof, our vision is to serve, secure, and empower the world through people and technology; one customer at a time. We believe everyone has the right to feel safe and secure. Our mission is to serve and protect organizations to ensure their success. What we have to offer : Challenging Work - We love solving highly complex problems. Across our teams and in all roles, every employee is empowered to bring their best ideas forward and to jump in and solve the problems they're passionate about. Great People - We are stronger, together, when we are open, honest, and above all, real. Every person is valued here and plays an important role in our shared success. Global Impact - As a global team spanning continents, boundaries, and cultures, every day we are inspired by the impact our work has on our colleagues, our customers, our communities, and the world at large. Diversity, Equity and Inclusion - We celebrate each others differences, continuously strive for equality and recognize that inclusion makes us stronger as individuals, a company and a global citizen. Position Summary: This position will work with Bulletproof employees to extract internal requirements for the configuration of an Audit Automation Platform. The candidate will need to define the best approach to configure those requirements within the chosen Audit Automation platform. This includes, but it is not limited to implementing checklists starting from a given technical standard, implementing report and audit plan templates and define workflow logic. Those requirements need to be maintained within the platform as the number of checklists served is increasing and as the audit methodology evolves. This position's main duties are regarding the configuration and maintenance of a chosen Audit Automation Platform. Responsibilities: Configure audit templates and checklists in the Audit Automation Platform Translate compliance frameworks (e.g., ISO 27001, NIST, SOC 2) into structured audit workflows Maintain and update templates based on evolving audit needs Support internal users and troubleshoot platform issues Document configuration guidelines and best practices Liaise with auditors and IT/security stakeholders to ensure audit readiness Develops and reviews security audit reports for quality assurance. Collaborating with clients to develop appropriate remediation plans. Collaborating with colleagues in other lines of services in support of client needs for Information Security Services. Follows, maintains and suggests improvements to standard operation procedures (SOP) Follows, maintains and suggests improvements to workflow and Audit Automation Platform interface Provides clients with exceptional service in a professional, courteous and timely manner. Perform other related duties as assigned. Defines the scope for information security audit assignments. Support the team technical development (e.g. through service development or research) and contribute to technical processes overall. Required Education / Credentials / Qualifications: Degree in Computer Science, Information Systems, Engineering or related major from an accredited University or equivalent College Diploma and related experience. Prior experience with audit or compliance automation tools (experience with AuditBoard, Vanta, Drata or Intact Platform is a plus) Familiarity with IT/IS audit and compliance standards (ISO 27001, NIST, SOC 2, etc.) Strong skills in configuring structured templates and workflows Ability to understand and map audit requirements into platform configurations Detail-oriented, organized, and self-motivated Clear written and verbal communication in English Must have in-depth experience designing and implementing information security solutions. The following skills are preferred but not required: Basic scripting or low-code experience (depending on customization features) Experience working with internal IT or security teams Familiarity with other GRC tools or platforms

This will be an Individual Contributor role to start and can evolve over time based on how this function matures. You will play a critical role in the companys tech infrastructure, processes which will be fully aligned with regulatory, security and business continuity standards. Key Responsibilities Draft, coordinate monitor IT processes policies to ensure compliance as per IT Act, regulatory bodies (e.g. RBI, SEBI, GDPR, UIDAI etc.), info security (ISM) guidelines and other applicable laws with respect to Technology, in coordination with internal external stakeholders Prepare update business-wise IT infra details required by the Compliance/Legal teams for regulatory filings and 3rd party audits Conduct vendor risk assessment audits ensure identified gaps are proactively filled Introduce new processes policies by conducting market studies surveys relevant to our business Plan, formulate, coordinate, implement monitor the cyber crisis management plan (CCMP) Incident Management and resolution Interface with external auditors and set up processes to ensure all Infosec audits go smoothly Formulate, implement, review monitor BCP Requirements 4-6 years of experience, including being SPOC for Infosec audits In-depth knowledge of technology, security, risk, and compliance best practices Strong capability in interfacing with both technology and business teams Detailed understanding of security monitoring, threat intelligence vulnerability management A self-driven attitude with a strong sense of ownership Experience with RBI and/or SEBI (preferred) audits is a big plus Assisting the team to conduct Technology Committee Assisting the Risk Officer to conduct independent assessments of the business functions Provide timely data for Risk Management Committee

Manage audits - plan to finish Background 3 yrs in either Telecom software/Protocol, Embedded systems, Mobile Device & Mobile Applications, IOT Blockchain, Artificial Intelligence, UAS software systems, applications /IT system /Software product test Provident fund Annual bonus

TransUnion works with businesses and consumers to gather, analyze, and deliver critical information needed to build strong economies around the world. Protection of that information is critical to our customers and business. As part of our 2020 transformation journey, we became Global Audit & Advisory (GAA), formerly Internal Audit. As a Specialist III you will be part of the GAA team and be responsible for conducting Cybersecurity and IT audit engagements throughout the organization that support business objectives, best practices, and regulatory requirements. The incumbent will be responsible for the planning, execution, reporting, and follow-up on all audit engagements by participating on an audit team or at times independently leading engagements under the direction of GAA Management. This position will report directly to the Senior Lead and will work closely with other GAA Team Associates on key projects and initiatives as well as coordinate closely with our external auditors. The Global Audit & Advisory team is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of TU. GAA assists the organization in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organizations risk management, control and governance processes. GAA collaborates with the Business Units, Functional leadership and their Associates in developing strong, professional and independent relationships to ensure a comprehensive understanding of the business to enable value added recommendations that improve efficiency and effectiveness. Perform detailed examinations of cybersecurity and IT practices and controls throughout the organization using an established assessment process and framework. The essential duties are as follows: Independently perform Information technology (IT) security reviews. Initiate, scope, plan, research and conduct IT controls assessments and audits. Lead and coordinate with process owners to initiate, scope, plan, and execute periodic controls assessments as part of the internal audit function, focusing on identifying risks by evaluating the design and operating effectiveness of internal controls. Actively support security audit initiatives by aligning audit procedures with cybersecurity frameworks (e. g. , NIST, ISO 27001 etc. ), conducting control walkthroughs, testing IT security and IT general and application controls, and assessing compliance with internal security policies. Document the results of audit procedures performed that support the conclusions reached. Prepare audit reports based on the adequacy and effectiveness of controls evaluated. Support external audits and regulatory examinations as needed. Analyze information security areas including ( but not limited to these ) governance and risk management, access and password controls, cloud security, cybersecurity, physical security, system security architecture and design, BCP and Disaster Recovery, network security, application and operations security, Incident Management, data migrations and system implementations etc. Lead engagement and communicate issues to process owners, ensuring understanding of risks and actions needed to remediate risks and subsequently track remediation activities. Cross train members of the Global Audit Team, including new hires and mentor junior IT staff. Continuously monitor emerging security trends and evolving threat landscapes through ongoing research and professional development. Insights gained are integrated into the audit universe to ensure risk assessments and audit planning remain current and aligned with the organization s security posture. Perform risk assessments and assist in the development of the annual audit plan. Participate in departmental initiatives, administrative matters, and special projects. Assist with other audit engagements as needed to broaden exposure across various risk areas and support the timely execution of the overall audit plan. Impact Youll Make: 6 - 10 years of experience in an IT/Security Audit and Assessment, or Information Security Technical, Management and/or Governance role. Bachelor s or Master s degree in computer science/information technology, management information systems or related field. Industry certification such as CISSP, CISA, CISM, CEH and/or CIA required. Experience with Cloud Security audits (AWS, Azure, GCP). Knowledge of data protection laws and industry standards. Familiarity with GRC platforms (e. g. , AuditBoard, Onspring, Archer). Demonstrated in-depth knowledge of concepts, best practices and controls in a breadth of Information Security areas/domains. These include governance & risk management, access control, cybersecurity, physical security, security architecture and design, business continuity/disaster recovery, network security, application and operations security and compliance/incident management. Demonstrated ability to understand complex technologies, business processes, regulations and emerging risks. Strong technical and/or IT and Security audit background with practical knowledge of a wide variety of technologies including server infrastructure and operating systems, network and web infrastructures, database architecture, vulnerability and penetration testing assessment and Intrusion Detection/Prevention Systems. Good understanding of SOX legislation and IT and Security frameworks including COSO and COBIT. Self-starter with the ability to manage and prioritize responsibilities. Team player with proven skills in influencing people without having direct management authority. Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately. Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person. Strong risk analysis and problem solving skills. Must be flexible to ensure assessments are performed timely and manage multiple assessments simultaneously. This is a hybrid position and involves regular performance of job responsibilities virtually as well as in-person at an assigned TU office location for a minimum of two days a week. TransUnion Job Title Consultant, Audit and Advisory

Textron Specialized Vehicles Inc. is a leading global manufacturer of golf cars, utility and personal transportation vehicles, professional turf-care equipment, and ground support equipment. Textron Specialized Vehicles markets products under several different brands. Its vehicles are found in environments ranging from golf courses to factories, airports to planned communities, and theme parks to hunting preserves. Responsibilities: Develop and maintain custom objects, fields, formulas, validation rules, and flows to automate business processes and improve data integrity Manage user access, profiles, roles, permission sets, and security settings to ensure data privacy and compliance with company policies Managing configuration, customization, and integration of Salesforce Sales Cloud, Salesforce CPQ, and Salesforce Service Cloud to meet the evolving needs of our organization Work with cross-functional teams to integrate Salesforce with other systems and third-party applications using APIs, middleware, and other integration tools such as Mulesoft Create and maintain technical documentation to include process diagrams Stay updated on new Salesforce features and releases, assess their impact on existing configurations, and recommend enhancements Adhere to all IT audit and change control processes including but not limited to managing unit tests, integration testing, and user acceptance testing Qualifications: Education: Bachelor s degree in computer science, information systems, business or related field required Years of Experience: 5 or more years working as a Salesforce Administrator with focus in Salesforce CPQ, Salesforce Sales Cloud and Salesforce Service Cloud Software Knowledge: Proficiency in Salesforce configuration, customization, and administration, including but not limited to custom objects, flows, validation rules, and security settings; preferred experience with Contract Lifecycle Management and Field Service. Salesforce Certifications: Certified Administrator and Advanced Administrator required; certification in at least 2 of the following: Service Cloud Consultant, Field Service Consultant, CPQ Specialist, Sales Cloud Consultant, or Experience Cloud Consultant * Education: Bachelor s degree in computer science, information systems, business or related field required

Must have skills required : Information Systems audits, SOX audits, ISO 27001/2, NIST, Erp systems, IaaS, paas Good to have skills : SAP, SaaS, CISA, HCISPP, CHPS JOB DESCRIPTION: The Auditor, Global IT is responsible for assessing the adequacy of Global Information Technology security and controls for applications and infrastructure throughout Abbotts international and domestic organizations. The IT auditor will execute audit projects using a risk-based approach to help ensure effective testing coverage. They will identify control gaps and other areas of risk exposure related to controls within IT processes and deliver achievable, meaningful recommendations for management to mitigate the identified risks. The individual should have the demonstrated ability to communicate effectively, present professionally, and work well with the highest level of Corporate and Division management as well as his/her peer group. WHAT YOULL DO Execute Information Systems audits throughout Abbott's international and domestic organizations. Assess the design and development of security solutions and their adherence to applicable policies and comply with information security requirements. Prepare and present audit findings to senior management. Maintain comprehensive historical audit work paper documentation that fully supports reported audit results, leveraging established department tools and standards. Proactively communicate with key stakeholders regarding audit status, findings and other relevant issues. Stay abreast of current and emerging security risks. Research new technologies, understand existing processes, and reference recognized standards and frameworks. Work collaboratively with others on the Corporate Audit team to proactively assess organizational IT risks and ensure effective audit coverage. Identify control gaps and other areas of heightened risk exposure related to governance, risk management and internal controls within IT processes. Design and deliver achievable meaningful recommendations for management to mitigate the identified risks. EDUCATION AND EXPERIENCE YOULL BRING Required BA/BS degree in Business, Computer Science, Management Information Systems or related field, or equivalent practical experience. 1.5-3+ years of related experience with a top-tier consulting or public accounting firm in one of the following two areas required: Execution of Information Systems audits, including Application, Platform or General IT Controls; or conducting information security assessments or implementing information security controls. Strong interpersonal and communication skills are required. 0-10% travel to Abbott's International and Domestic locations required. Preferred Experience with auditing major ERP systems (i.e. SAP) Experience with auditing IaaS, PaaS, SaaS services and solutions Experience with SOX audits and compliance requirements Deep insight of best practice standards and frameworks, such as ISO 27001/2 and NIST. Understanding of network and system security technology and practices across major-computing areas. Experience with Technology Risk Management / IT Audit function in Enterprise organizations. Certifications such as HCISPP, CHPS, CISA, CISSP, CISM, CRISC, CIPP. Manufacturing and/or international business experience. Foreign language skills.

Drafting, Reviewing, Updating, and Enforcing Information Security Policies: Responsible for the formulation, periodic review, update, and organization-wide enforcement of information security policies and procedures in line with regulatory and industry standards. Implementing IS Related Controls as per Regulatory Requirements and Industry Best Practices: Ensures timely implementation and tracking of security controls as mandated by regulators and aligned with globally accepted standards such as ISO 27001, NIST, and PCI DSS. Coordinating Security Audits as per Regulatory Requirements: Acts as the central coordinator for internal, external, and regulatory audits, ensuring availability of evidence, responses, and closure of observations. Conducting Training and Awareness (Phishing and Quiz): Plans and executes regular security awareness programs, phishing simulations, and quizzes to build a security-conscious culture among employees. Performing IS Risk Assessment / GAP Assessment: Conducts periodic risk and gap assessments to identify, evaluate, and mitigate security weaknesses across systems, processes, and third parties. M aintenance of ISO 27001:2022 and PCI-DSS Certification: Manages and coordinates activities necessary to maintain ISO 27001:2022 and PCI DSS certification status, including audits, documentation, and corrective actions. Monitoring Ongoing IS Compliances through Compliance Calendar : Acts as a checker by maintaining a compliance calendar and tracking entity-wise and function-wise adherence to security compliance requirements. Policy, Process, and Other IS-Related Audits : Conducts independent assessments of IS policies, procedures, and control effectiveness to ensure compliance and identify opportunities for improvement. Participating in Regulatory Inspections: Supports regulatory inspections related to information security by providing necessary documentation, system access, and clarifications. Incident Management: Reviews information security incidents to find trends, causes, impact, and check how well responses worked; ensures incidents are reported to regulators on time as per rules; and regularly updates senior management or the board on security status, key risks, incidents, and compliance

Role & responsibilities : Have in-depth knowledge of governance, risk, and compliance, including internal auditing, audit standard, risk and compliance, cyber security review, policy review, ISO 27001, ISMS etc. Perform testing of IT Application Controls, IPE, and Interface Controls through code reviews, IT General Controls review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster Recovery. Perform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk & Control Matrix. Perform business process walkthrough and controls testing for IT Audits. Performing planning and executing audits, including - SOX, Internal Audits, External Audits Conducting controls assessment in manual/ automated environment Prepare/Review of Policies, Procedures, SOPs Maintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations. Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed. Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding projects progress. Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables.

Opportunity for a remote role. Experienced in GDPR, HIPAA, PCI-DSS, ISO 27001, SOC 2 compliance. Led implementation and maintenance of compliance programs including TPRA. Skilled in IT audit planning, ISO 27001 audits, and reporting.

Lead and support IT compliance audits and assessments aligned with ISO 27001 and SOC 2 standards.Understanding of regulatory compliance standards, such as GDPR, HIPAA,PCI-DSS,or ISO27001.Understanding of cloud platforms (AWS, Azure, or Google Cloud)

About the Vacancy IT Advisory Risk Consulting IT Audit & Assurance KPMGs IT Advisory Risk Consulting team is looking for Managers to join their IT Audit & Assurance team. Team provides Independent assurance on controls in place across client’s IT environment and ways to mitigate Technology risks. Skill set for IT Audit - IT Audit with knowledge of IT governance practices Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.) Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology Prior IT Audit experience in areas of ITGC, SOX 404, SOC-1 and SOC-2 Audits and Application Controls Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantage Strong project management, communication (written and verbal) and presentation skills Knowledge of security measures and auditing practices within various applications, operating systems, and databases Qualifications Bachelor's degree in an appropriate field from an accredited college/university Project or team lead experience, specifically within a consulting firm is preferred Excellent written and verbal communication, facilitation, and presentation skills with the ability to gain the confidence and respect of senior level executives Strong analytical and problem solving skills Ability to work well in teams Ability to work under pressure – stringent deadlines and tough client conditions which may demand extended working hours Willingness to travel within India or abroad for continuous long periods of time Demonstrate integrity, values, principles, and work ethic and lead by example

Looking for Immediate Joiners only !!! Job Title: Con/Assistant Manager/Manager Role: Cyber Location: Gurgaon & Noida Job Description: Have in-depth knowledge of governance, risk, and compliance, including internal auditing, audit standard, risk and compliance, cyber security review, policy review, ISO 27001, ISMS etc. Perform testing of IT Application Controls, IPE, and Interface Controls through code reviews, IT General Controls review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster Recovery. Perform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk & Control Matrix. Perform business process walkthrough and controls testing for IT Audits. Performing planning and executing audits, including - SOX, Internal Audits, External Audits Conducting controls assessment in manual/ automated environment Prepare/Review of Policies, Procedures, SOPs Maintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations. Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed. Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding projects progress. Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables. Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status

Information Security GxP Specialist What you will do Let’s do this. Let’s change the world. In this lead role you will support the GRC Governance / Policy & Audit team working closely with Technology teams to help ensure that GxP controls are in place, GxP deviations are managed and monitored, and security standards are met. The GxP Specialist will assist in owning and maintaining GxP deviation records, performing GxP assessments, managing controlled documents, and supporting regulatory compliance efforts. Roles & Responsibilities: GxP Governance Leadership: Support the GRC organization in leading a team of GxP and/or policy analysts performing tasks related to governance, GxP deviation management, document management, and policy exception processes. GxP Deviation and CAPA Management : Manage and own technology related GxP deviations, CAPA, and CAPA-EV records Manage GxP reporting and monitoring metrics for Technology/IT records Collaborate with record owners and QA to ensure timely record resolution Assist in the identification and evaluation of risks associated with GxP deviation records. Identify and support new record owners across IT/Technology (e.g. office hours, ad-hoc meetings, document management support). Attend enterprise network meetings as needed to represent the Technology / IT function. GxP Deviation Monitoring and Improvements: Recommend deviation management improvement strategies across Technology/IT. Collaborate with Quality, IT application, cybersecurity, and business teams to supervise and resolve identified risks and vulnerabilities associated with deviations and CAPA’s. Assist in conducting CAPA applicability assessments, time studies, and related initiatives to identify impacts and improvement opportunities in IT systems, processes, and policies. Supervise, monitor, and report on the efficiency of existing GxP records, trends, and recommend improvements as needed. Governance and Regulatory Support: Ensure compliance with relevant industry standards and regulatory requirements (e.g., GxP, GDPR, SOX, NIST). Assist in proactive measures to facilitate compliance, such as collaborating with stakeholders to initiate periodic reviews Assist in the preparation for audits and inspections by internal and external parties, providing documentation and evidence of IT GxP deviation management practices. Support the development and implementation of IT governance, risk, and compliance frameworks and continuous improvements. Support the development and implementation of IT governance, risk, and compliance policies as well as supporting documentation, and their continuous improvements. Track and monitor document reviews, and support document owners to ensure timely periodic review completion. What we expect of you We are all different, yet we all use our unique contributions to serve patients. The GxP security professional we seek is collaborative and action-oriented with these qualifications. Basic Qualifications: 5+ years of experience in IT GxP deviation management, IT quality management, IT auditing, or information security. Hands-on experience with deviation management tools and associated frameworks (e.g., ISO 27001, NIST, COBIT). Master’s degree and 4 to 6 years of information technology, Cybersecurity, Risk Management, or a related field experience OR Bachelor’s degree and 6 to 8 years of information technology, Cybersecurity, Risk Management, or a related field experience OR Diploma and 10 to 12 years of information technology, Cybersecurity, Risk Management, or a related field experience Preferred Qualifications: Good understanding of GxP deviation management, controlled document management, IT infrastructure & systems, and security standard methodologies. Ability to assess technical and business risk related to information systems. Excellent problem-solving, analytical, and communication skills. Ability to communicate complex GxP and risk concepts to non-technical collaborators. Familiarity with regulatory frameworks and compliance standards (e.g., GxP, GDPR, HIPAA, SOX). Technical Knowledge : Proficiency with GxP deviation management tools, GRC (Governance, Risk, and Compliance) software, controlled document management tools, enterprise change management tools, and security incident management tools. Experience with security controls related to networks, databases, and cloud environments. Soft Skills: Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team oriented, with a focus on achieving team goals Strong presentation and public speaking skills What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. Apply now and make a lasting impact with the Amgen team. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

What you will do In this vital role you will support the analysis, design, and implementation of information systems solutions to meet business requirements. You will collaborate with multi-functional teams to gather and document system requirements, perform system testing, solve issues, and provide end-user support. Your attention to detail, analytical skills, and deep technical competence will contribute to the successful delivery of IT projects and the continuous improvement of business processes. Role Description: The Sr. Associate is a vital part of the Governance, Risk and Compliance (GRC) team within Cybersecurity and Digital Trust (CDT). This team is part of Amgen's Technology team. In this position you are responsible for enabling Information Technology Sarbanes-Oxley (SOX) Compliance. You are required to collaborate with the IT SOX Compliance Manager, service owners, engineers, and other Amgen internal partners such as Finance, Compliance, Corporate Audit and Law department to develop, maintain, and improve Amgens Information Compliance. Roles & Responsibilities: You will bring forth out of the box thinking, an agile mentality and proven domain expertise and innate understanding of IS controls to empower IS process and product owners to build and maintain IT solutions with compliance, by design. You will perform the following activities, and any additional tasks required to attest that our systems, applications and infrastructures subjected to different aspects of compliance are able to verify adherence efficiently and effectively. Support the IS SOX Controls Management and Compliance function Coordinate, collaborate, and communicate with IT personnel across the organization to ensure that our IS SOX process is followed as required by our organization Ability to demonstrate solid sense of ownership, detail orientation, keen focus on quality and setting clear expectations In charge of working with process owners, internal, and external auditors in support of our quarterly certification process Collaborate and support any SOX evidence request efforts made by Internal and External Audit teams Develop and promote educational mentorship resources that will help facilitate new owners understanding of the Sarbanes-Oxley Act and their responsibilities Prepare documentation to identify control gaps Create and author documentation and training materials Participate in walkthroughs with system, service, and process owners Review and analyze SOX systems and applications showing in Configuration Management Database (CMDB) for SOX applicability and ensure all components are collected and accounted for Deep understanding of IT infrastructure and hands on experience in Information Technology Infrastructure Library (ITIL) and System Development Life Cycle (SDLC) Assess the risks of IT audit findings, identify mitigating controls and incorporate in IT process framework continual improvement Map regulatory requirements across functions to identify compliance and audit response efficiencies while liaising with internal auditors and IT service owners to ensure information assurance processes are mature, and outcomes are effective by appropriately addressing and raising relevant risks to policy and regulatory compliance Maintain awareness of changing technology environments, implementation methodologies and frameworks used to support responsible functions (e.g., AI, machine learning, Dev Ops, etc.) Ensure quality of work and timeliness across different functional deliverables and take ownership of issues and coordinate through to completion What we expect of you We are all different, yet we all use our unique contributions to serve patients. The [vital attribute] professional we seek is a [type of person] with these qualifications. Basic Qualifications: Masters degree in information technology or Cybersecurity OR Bachelors degree with 2+ years of experience in regulatory compliance and IT auditing Preferred Qualifications: Functional Skills: Must-Have Skills: 3+ years of IT audit, Information Technology / Security control assurance or enterprise IT compliance experience Working knowledge of Information Governance principles and Information Security principles: confidentiality, integrity, and availability Knowledge of international standards for Information Technology and Information Governance Experience working with various technologies, IT frameworks and methodologies Demonstrable ability to understand the concepts of new cloud technologies and other paradigms such as emerging Big Data technologies, lean methodologies to propose appropriate controls and compliance mentorship Strong written and verbal communication, including the ability to explain technical matters to a non-technical audience Possess strong organizational and collaboration skills Strong written and verbal communication, including the ability to explain technical matters to a non-technical audience Possess strong organizational and collaboration skills Working in large / global corporate environments involving multiple businesses Good-to-Have Skills: Working experience with Governance, Risk and Compliance (GRC) tools. Exceptional teamwork encompassing multi-functional teams, peer relationships, informing, understanding and appreciating differences Good ability to convey and influence complex information compliance, risk and security issues in a manner that is easily understood and actionable Ability to effectively facilitate and inspire change within the organization. Developing / delivering presentations to large audiences and at all levels within the organization Professional Certifications: Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) SANS Global Information Assurance Certifications (GIAC) Soft Skills: Good communication and collaboration skills, particularly when working with global teams. Ability to manage and prioritize tasks effectively in a high-pressure environment. Critical thinking and problem-solving abilities, especially in incident response situations. A commitment to continuous learning and knowledge sharing.

Cyber and 3rd party risk analyst About Amgen Amgen harnesses the best of biology and technology to fight the world’s toughest diseases, and make people’s lives easier, fuller and longer. We discover, develop, manufacture and deliver innovative medicines to help millions of patients. Amgen helped establish the biotechnology industry more than 40 years ago and remains on the cutting-edge of innovation, using technology and human genetic data to push beyond what’s known today. What you will do Role Description: The role is responsible for identifying, analyzing, and mitigating IT-related risks to the organization. This role will involve working closely with various departments to ensure that risk controls are in place, policies are adhered to, and security standards are met. The IT Risk Analyst will assist in developing and maintaining risk management frameworks, performing assessments, and supporting regulatory compliance efforts. Roles & Responsibilities: Risk Identification and Assessment : Conduct risk assessments to identify vulnerabilities in IT systems, processes, and policies. Assist in the identification and evaluation of risks associated with third-party vendors and partners. Maintain the IT risk register, documenting risks, issues, and remediation actions. Risk Mitigation and Monitoring : Recommend risk mitigation strategies and implement risk management controls across IT infrastructure. Collaborate with IT, cybersecurity, and business teams to track and resolve identified risks and vulnerabilities. Monitor and report on the effectiveness of existing IT risk controls and recommend enhancements as needed. Compliance and Regulatory Support: Ensure compliance with relevant industry standards and regulatory requirements (e.g., GDPR, SOX, PCI-DSS, NIST). Assist in the preparation for audits by internal and external parties, providing documentation and evidence of IT risk management practices. Support the development and implementation of IT governance, risk, and compliance frameworks. Vendor Risk Management : Conduct vendor risk assessments, ensuring third-party services and products align with internal risk and security policies. Regularly review vendor performance and risk exposure, working with procurement and legal teams as necessary. What we expect of you Basic Qualifications and Experience: Education : Bachelor’s degree in information technology, Cybersecurity, Risk Management, or a related field. Certifications such as CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional) are highly desirable. Experience: 2 - 4 years of experience in IT risk management, IT auditing, or information security. Hands-on experience with risk management tools and frameworks (e.g., ISO 27001, NIST, COBIT). Skills and Competencies : Strong understanding of IT infrastructure, systems, and security best practices. Ability to assess technical and business risk related to information systems. Excellent problem-solving, analytical, and communication skills. Ability to communicate complex risk concepts to non-technical stakeholders. Ability to assess and interpret security-related clauses in third-party contracts, such as Security Requirements Schedules (SRS) Familiarity with regulatory frameworks and compliance standards (e.g., GDPR, HIPAA, SOX, PCI-DSS). This role involves second shifts2pm-11pm IST Technical Knowledge : Proficiency with risk management tools, GRC (Governance, Risk, and Compliance) software, and security incident management tools. Experience with security controls related to networks, databases, and cloud environments. Soft Skills: Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team oriented, with a focus on achieving team goals Strong presentation and public speaking skills Collaboration across global teams What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. Apply now for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.