297 It Risk Jobs

SUMMARY About the Company: The client is the captive technology arm of a leading German-headquartered global insurance group. With a substantial international footprint, this financial services giant operates across more than 50 countries and employs a workforce exceeding 50,000 professionals. To deliver seamless IT solutions and support its extensive worldwide operations, the company established a dedicated technology hub in India, strategically located in Hiranandani Gardens, Powai, Mumbai. This center is crucial for the group's global technology strategy. Location: Mumbai Designation: Senior Portfolio Management Officer Experience: 5-8 Yrs Requirements Required Skills: 5 to 8 years of overall IT experience managing complex programs and project portfolios, stakeholder communication and reporting. Strong understanding of cybersecurity and IT risk topics (e.g., SIEM, ISMS, TPRM) Proficiency in project and portfolio management tools Advanced knowledge of Excel and PowerPoint and Power Bi Nice-to-Have Skills: Proven experience engaging with C-level executives PMP/Prince welcomed Think Cell preferred Benefits

Co-ordinate with departments to identify, mitigate & manage risks Idea of Indian regulatory system related to IT risk mgt Define & Assess Key Risk Indicators Perform Root Cause Analysis ,IT General Controls & Risk Control Self-Assessment Required Candidate profile Exp in related field IT risk management/IT security standards Exp to Risk Management & Governance Frameworks/ Systems & multiple ERP systems Knowledge of data analysis/GRC tools ISO 27000/ 27001 Perks and benefits +10% Perf bonus +0-30% Org Revenue Bonus +Medclaim

Co-ordinate with departments to identify, mitigate & manage risks Idea of Indian regulatory system related to IT risk mgt Define & Assess Key Risk Indicators Perform Root Cause Analysis ,IT General Controls & Risk Control Self-Assessment Required Candidate profile Exp in related field IT risk management/IT security standards Exp to Risk Management & Governance Frameworks/ Systems & multiple ERP systems Knowledge of data analysis/GRC tools ISO 27000/ 27001 Perks and benefits +10% Perf bonus +0-30% Org Revenue Bonus +Medclaim

Responsibilities The new TDA-ITMA PowerBI Developer will: Foster a collaborative and high performing team Rapidly and effectively adapt to highly dynamic and fast-paced work environment Develop expertise in the IT and corporate data landscape including plans for change in underlying operational systems Solution and build IT Operations dashboards using PowerBI Support the current ITMA databases (MS SQL Server) and data platform (Azure, Synapse) and evolution required to enable new ITMA reporting and analytics data sources and products Pursue relentless automation to reduce unnecessary and error prone practices with analytics on common datasets Ensure all ITMA implementations adhere to all relevant NT IT Risk and Control Standards ensuring all cybersecurity and other risks are properly managed. Research and advise on technical options regarding decisions related to data platform and/or BI Tool decisions Carries out complex initiatives involving multiple disciplines and/or ambiguous issues Displays a balanced, cross-functional perspective, liaising with the business to improve efficiency, effectiveness and productivity Assist internal customers with acceptance and adoption of implemented solutions to transition to an operating model that will deliver value from the analytics solution Provide support, as needed, on existing reporting and analytics production products Participate in special projects as needed and perform other duties as assigned Skills Experience 10+ years of IT experience with 4+ years of building and supporting PowerBI dashboards Good working Knowledge in database products, SQL and all associated tooling Working knowledge of full stack technology solutions with a focus on data Understanding of IT Operations and its metrics and measurements is a plus Curious, highly flexible and adaptable to change Team player and supportive of developing skills of others Strong financial acumen and ability to work across the business Bachelor s Degree in a related field and/or equivalent work experience required Excellent oral and written communication skills are required Seasoned multi-disciplinary expert with technical and business knowledge and functional expertise Eager to learn and explore in area of AI tools like copilot is a plus as team has various AI initiative planned for coming year.

Implement ISMS System and monitor and manage informationsecurity as per ISO 27001 and support audit and compliance. Should be CISA certified. Should have 5 to 10 yrs of Experience with atleast 4 to 5implementation

Drop Resume on - ap00841743@TechMahindra.com or call on - 9354498578 Roles and Responsibilities:- Act as the Single Point of Contact (SPOC) for all compliance-related matters across delivery teams, support functions, and client stakeholders. Collaborate with ISG, legal, and delivery leadership to address compliance risks and drive resolution. Design and implement a structured risk assessment framework to identify and mitigate process, policy, and SOW-related risks. Lead regular audits across operations and support functions to ensure adherence to QMS, ISMS, Data Privacy, and BCP standards. Drive SOW compliance and monitor for ticket-level fraud and transactional anomalies. Establish and maintain a robust control plan using heuristics and sampling techniques to ensure detectability across risk areas. Execute periodic transactional audits and fraud detection mechanisms. Enforce a zero-tolerance policy for non-compliance and fraud. Publish daily and weekly compliance dashboards with actionable insights. Leverage data analytics and risk assessment tools (FMEA, Excel, Quality Tools) to drive decision-making and reporting. Lead compliance improvement initiatives using Lean, Six Sigma, PDCA, and other structured methodologies. Support contract reviews and change management processes related to compliance domains. Ensure development and maintenance of project-specific documentation aligned with organizational standards (Model of Excellence, InfoSec, Physical Security, etc.). Coordinate internal and external audits, including client and certifying body audits. Manage a team of Compliance Analysts, Team Leads, and remote staff. Drive compliance training programs for delivery and support teams to build awareness and accountability. Applicants Specifications & Qualification: Graduate in any discipline with 58 years of experience in BPO/Tech Support/Telecom/Retail operations. Proven expertise in risk management, compliance frameworks, and audit methodologies. Certified Lead/Internal Auditor for ISO 27001 with hands-on implementation experience. Exposure to ISO 22301 (BCP), ISO 27701 (Privacy), and ISO 9001 (Quality). Experience in conducting internal audits, SOW reviews, and managing client/certification audits. Strong analytical and reporting skills; proficiency in Excel, FMEA, and quality tools. Excellent communication and stakeholder management skills, including experience working with senior executives. Strategic thinker with the ability to innovate and optimize compliance processes. Assertive leadership style with strong conflict resolution and team management capabilities.Self-motivated, collaborative, and adaptable in high-pressure environments

Experience & Role: Internship, project work, or academic exposure to IT Risk, Information Security, or GRC topics will be beneficial. Will work under the guidance of the Risk Management team on real-time projects and operational support tasks. Key Responsibilities: Support in tracking risk items and control remediation status across departments. Participate in drafting or reviewing internal policies, procedures, and documentation. Help coordinate meetings, training, or awareness sessions related to IT risk and governance. Aid in the preparation of risk reports and dashboards. Support third-party risk assessments and follow-ups with stakeholders. Assist in documenting IT General Controls (ITGC) processes and observations. Contribute to projects related to regulatory compliance, control testing, and cybersecurity awareness. Skills and Requirements: Understanding of fundamental IT principles, systems architecture, and IT process flows. Knowledge of Risk Management frameworks and IT Governance processes. Basic understanding of IT/cybersecurity frameworks (ISO 27001, NIST, COBIT, etc.). Interest in IT General Controls (ITGC) and IT Application Controls (ITAC). Desire to explore GRC tools. Analytical mindset and attention to detail. Good communication and coordination skills. Ability to work with cross-functional teams in a supportive role. Learning Opportunities: Exposure to real-world IT and cybersecurity risk management practices. Hands-on experience with risk assessment processes and compliance monitoring. Understanding the intersection of enterprise IT systems and cybersecurity controls. Opportunity to collaborate with cross-functional teams in a dynamic IT environment

Role & responsibilities T Infrastructure Management: Oversee the design, implementation, and maintenance of the organizations IT infrastructure, including servers, networks, storage, and On-prim systems. Manage and optimize the performance, scalability, and security of IT systems. Ensure high availability and disaster recovery plans are in place and tested regularly. Troubleshoot and resolve infrastructure-related issues, ensuring minimal downtime. Collaborate with cross-functional teams to assess and implement new infrastructure solutions. Governance, Risk, and Compliance (GRC) Management: Develop and implement GRC policies, processes, and controls to ensure adherence to regulatory requirements and industry standards (e.g., GDPR, HIPAA, ISO 27001). Conduct regular risk assessments and audits to identify potential vulnerabilities in IT systems and infrastructure. Assist in the creation of risk management frameworks and compliance strategies. Ensure that the organizations IT infrastructure aligns with compliance requirements and mitigates any risks. Maintain up-to-date knowledge of evolving GRC regulations and standards. Security & Risk Management: Work closely with the security team to implement robust security measures, including firewalls, intrusion detection systems, and encryption protocols. Monitor and report on compliance and risk levels within the IT infrastructure, making recommendations for improvements. Lead incident response and recovery efforts in case of security breaches or compliance violations. Documentation & Reporting: Maintain detailed documentation of IT infrastructure configurations, system changes, and GRC compliance activities. Prepare regular reports on IT infrastructure performance, risk assessments, compliance status, and incident management for senior management. Assist with audits by providing necessary documentation and evidence of compliance. Collaboration and Training: Collaborate with IT teams, legal, compliance, and business units to ensure compliance initiatives are integrated into all stages of IT project development. Provide training and guidance to staff on best practices for IT security, risk management, and compliance. Work with external auditors and consultants as needed for compliance reviews and assessments. Preferred candidate profile Bachelors degree in information technology, Computer Science, Cybersecurity, or a related field. A minimum of 5 years of experience in IT infrastructure management, with a focus on governance, risk management, and compliance (GRC). Proven experience with GRC tools and frameworks, including risk assessments, audits, and regulatory compliance. Strong knowledge of IT infrastructure components (e.g., servers, networks, storage, on-prim services). Familiarity with industry standards and regulations (e.g., ISO 27001 etc). Solid understanding of security principles, firewalls, VPNs, and encryption technologies. Excellent problem-solving skills and ability to troubleshoot complex infrastructure issues. Strong communication and interpersonal skills, with the ability to collaborate effectively with both technical and non-technical teams

JOB SUMMARY The position contributes to developing and implementing security measures to protect computer systems, networks, and data. Essential Duties/Responsibilites Monitors networks for security breaches (and investigates violations when they occur) and firewalls and data encryption programs to protect sensitive information Prepares reports that document security breaches and the extent of the damage caused by the breaches Performs tests and assisting with network disaster recovery plans Performs risk assessments and tests data processing systems Recommends security improvements and procurements Collaborates with technology and business partners across functions and processes to ensure alignment, understanding, and ongoing communication about security controls, IT risk management, and regulatory/compliance requirements Develops recommendations and assists in implementing changes to improve processes, procedures and compliance, resulting in improved information security, service continuity, or reduced IT risk Performs other duties as assigned Complies with all policies and standards QUALIFICATIONS Education Bachelors Degree or equivalent experience - preferred Work Experience Typically 2+ years Licenses and Certifications CEH: Certified Ethical Hacker, CompTIA Security+ - preferred Knowledge, Skills and Abilities Demonstrated problem-solving and analytical skills Ability to gain proficiency with, a broad array of security software applications and tools Solid understanding of computer-related security systems including firewalls, encryption, and password protection and authentication Proficient in Microsoft Office Suite or related software Excellent verbal and written communication skills Organized with attention to detail Work Environment: Work in a clean, pleasant, and comfortable office work setting. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable persons with disabilities to perform the essential functions. This position is 100% in office.

Cyber Advisory analyst is responsible for providing consultation on various cyber security requirements for applications, infrastructure, and emerging technologies Skillset required: In-depth understanding of cyber security framework and industry standards (NIST CSF, ISO27001/2, OWASP, etc.), Threat Modeling and IT Risk Assessment Proficiency in IAM technologies, concepts, and best practices, including identity lifecycle management, access control, authentication mechanisms, and federation protocols. Proficiency in API security concepts, standards, and best practices, including OAuth, OpenID Connect, JWT, TLS/SSL, and OWASP API Security Top 10. Knowledge of computer networking and network security architecture concepts including topology, protocols, components, and principles. Deep understanding of Google Cloud Platform (GCP) services, architecture, and security features. Knowledge of emerging technologies like AI/ML, Zero Trust, LCNC etc. and willingness to learn new technologies and concepts. Strong understanding Cryptography and data protection concepts. Knowledge of laws, regulations, policies, and ethics related to cybersecurity and privacy Proficiency in conducting security assessments, risk analysis, and vulnerability management. Knowledge of DevSecOps, agile principles, and security policies. Excellent analytical and problem-solving skills to identify security risks and develop effective solutions. Excellent communication and interpersonal skills to collaborate with cross-functional teams and communicate security risks effectively. Qualifications required: Bachelor s degree in computer science, Cyber Security, or related field of study 2+ years of experience in Cyber Security or related fields of IT. Knowledge on Security Framework such as NIST CSF, ISO27001, OWASP Top-10 etc. Cyber security certifications like CISSP, CCSP, CSSLP etc. are highly desirable. Position responsibilities include: Perform a review of functional requirements of the software project. Identify relevant security requirements for this functionality by reasoning on the desired confidentiality, integrity or availability of the service or data offered by the software project Conduct thorough assessments of web applications, prioritize risks aligning with OWASP and ASVS guidelines, while implementing Information Security Policy and industry standards like ISO, NIST, CIS to support application teams in creating secure products. Support in analyzing and implementing optimized Cloud hardening controls that deliver security, compliance, and responsiveness to the latest Cloud-based threats and attacks (GCP, Azure, SaaS solutions etc.) Provide Cyber Security guidance and requirements, when a new technology is being considered/introduced as part of the enterprise s strategy Identify design flaws to assess, quantify and rank risk, help with mitigation of the open issues. Ensure tracking and closure of all critical risks before production launch Analyze stakeholder feedback and input to identify areas of alignment and potential conflicts, and work to resolve them in a timely and effective manner. Plan, research, and document appropriate and flexible security requirements for standard IT architectural components based on Industry standards (OWASP, NIST, IETF etc.) Stay updated through continuous learning on the latest cybersecurity trends and technologies, such as LLM, ZTNA, LCNC, to offer proactive and effective recommendations and solutions to stakeholders. Collaborate with cross-functional teams to ensure project scope/deliverables and expert advice provided post security assessments are in-line. Benchmark and Leverage industry best practices (e.g. OWASP SAMM) to continually improve process maturity.

The role will own, lead, and scale large, multi-client GRC programs across diverse industries. This role will own the strategy and execution of a risk-based GRC approach that identifies, measures, monitors and remediates information security and regulatory issues. Act as the primary advisor to client and executive stakeholders on risk posture, control design, audit strategy and compliance remediation driving measurable improvement in security posture and regulatory readiness. Essential Duties and Responsibilities Key Responsibilities: Strategic Program Leadership Own end-to-end delivery of large GRC projects/programs serving multiple clients and industry sectors. Define program governance, milestones, resourcing and budgets Develop and implement a risk-based GRC strategy and methodology that aligns with client business objectives, enterprise risk appetite, and applicable regulatory frameworks (e.g., NIST CSF and ISO 27001) Consolidate and right-size portfolio of audits to maximize balance of customer value and scale of organizational audit support Lead stakeholder management and executive engagement: present risk posture, compliance metrics, program status and strategic recommendations to executive management Establish and maintain a standardized and dynamic framework (policies, control libraries, risk assessment templates) suitable for cross-industry use Drive tooling, automation and data-driven reporting to scale assessments, monitoring, evidence collection and dashboards Conduct regulatory horizon scanning and translate emerging regulatory or industry changes into client requirements and program plans Key Responsibilities: Assessment, Remediation, and Reporting Direct and define comprehensive information security risk assessments and control reviews against client frameworks and regulatory requirements Define audit approach, scope, and audit programs; define audit procedures and identify required specialists Direct execution of periodic audits and control testing; prepare executive summaries Direct and define prioritized remediation and action plans, schedules, resource allocation and status reporting to reduce risk and close compliance gaps Direct full cycle remediation process ensuring high value root cause issues resolved with appropriate risk acceptance and escalation paths Define high quality control systems, standards, and governance processes; recommend policy and process changes to mitigate risk and champion continuous improvement Act as trusted advisor during incident response and compliance investigations, providing remediation and remediation monitoring support Qualifications Education: Bachelor s degree or equivalent Experience: 11+ years of IT experience with minimum 8 years of experience in Information Security Security professional with expertise in GRC: IT audits, IT general controls, third party risk management, IT Risk Assessment, ISO 27001 implementation, ISMS audits SOC2 audit experience Model for interpersonal skills and stakeholder management Useful but not required certification: CISSP, ISO 27001 Lead Auditor, CISA, CISM Work location : Bangalore (Remote) United States Equal Opportunity Employment: First Advantage is proud to be a global leader in removing barriers and supporting our community members to ensure the changing demographics of the workforce are reflected in our hiring and employment practices. We value all of our candidates, employees, and clients, and place great emphasis on hiring and supporting qualified individuals in each role. We are an equal opportunity employer. We do not discriminate on the basis of race, color, ethnicity, ancestry, religion, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, veteran status, genetic information, or any other area protected by applicable law.

Cyber Advisory analyst is responsible for providing consultation on various cyber security requirements for applications, infrastructure, and emerging technologies Skillset required: In-depth understanding of cyber security framework and industry standards (NIST CSF, ISO27001/2, OWASP, etc.), Threat Modeling and IT Risk Assessment Proficiency in IAM technologies, concepts, and best practices, including identity lifecycle management, access control, authentication mechanisms, and federation protocols. Proficiency in API security concepts, standards, and best practices, including OAuth, OpenID Connect, JWT, TLS/SSL, and OWASP API Security Top 10. Knowledge of computer networking and network security architecture concepts including topology, protocols, components, and principles. Deep understanding of Google Cloud Platform (GCP) services, architecture, and security features. Knowledge of emerging technologies like AI/ML, Zero Trust, LCNC etc. and willingness to learn new technologies and concepts. Strong understanding Cryptography and data protection concepts. Knowledge of laws, regulations, policies, and ethics related to cybersecurity and privacy Proficiency in conducting security assessments, risk analysis, and vulnerability management. Knowledge of DevSecOps, agile principles, and security policies. Excellent analytical and problem-solving skills to identify security risks and develop effective solutions. Excellent communication and interpersonal skills to collaborate with cross-functional teams and communicate security risks effectively. Qualifications required: Bachelor s degree in computer science, Cyber Security, or related field of study 2+ years of experience in Cyber Security or related fields of IT. Knowledge on Security Framework such as NIST CSF, ISO27001, OWASP Top-10 etc. Cyber security certifications like CISSP, CCSP, CSSLP etc. are highly desirable. Position responsibilities include: Perform a review of functional requirements of the software project. Identify relevant security requirements for this functionality by reasoning on the desired confidentiality, integrity or availability of the service or data offered by the software project Conduct thorough assessments of web applications, prioritize risks aligning with OWASP and ASVS guidelines, while implementing Information Security Policy and industry standards like ISO, NIST, CIS to support application teams in creating secure products. Support in analyzing and implementing optimized Cloud hardening controls that deliver security, compliance, and responsiveness to the latest Cloud-based threats and attacks (GCP, Azure, SaaS solutions etc.) Provide Cyber Security guidance and requirements, when a new technology is being considered/introduced as part of the enterprise s strategy Identify design flaws to assess, quantify and rank risk, help with mitigation of the open issues. Ensure tracking and closure of all critical risks before production launch Analyze stakeholder feedback and input to identify areas of alignment and potential conflicts, and work to resolve them in a timely and effective manner. Plan, research, and document appropriate and flexible security requirements for standard IT architectural components based on Industry standards (OWASP, NIST, IETF etc.) Stay updated through continuous learning on the latest cybersecurity trends and technologies, such as LLM, ZTNA, LCNC, to offer proactive and effective recommendations and solutions to stakeholders. Collaborate with cross-functional teams to ensure project scope/deliverables and expert advice provided post security assessments are in-line. Benchmark and Leverage industry best practices (e.g. OWASP SAMM) to continually improve process maturity.

Roles and Responsibilities Greetings from GRM Technologies!!! Providing support in IT and Cyber Risk Advisory services offered by GRM Technologies to its clients in the following domains- Information regulatory compliance (ISO 27001, PCIDSS, RBI, SEBI, SOC1, SOC2, PCI DSS, HITRUST, GDPR) Information risk management Information security and information assurance Information technology controls for financial and other systems Identifying processes and technologies to maintain and enhance the security architecture Disaster recovery and business continuity management Information privacy Have a fair understanding of Business Continuity Planning and DR Drills Should have conducted Information Life Cycle management reviews in the past Conducting Infrastructure Vulnerability Assessment and Penetration Testing Conducting Web and Mobile Application Security Assessment Conducting Secure Code Review Conducting Architecture Review Should have minimum 2-5 yrs. of experience into Cyber Security, including IT Risk, Cyber Risk & Compliance, IT Audit, Vendor Audit, VAPT, Application Security, Fraud Risk & Security. Knowledge of information security standards, principles and practices required Perform risk assessment, controls and documentation with expected standards (information technology/ business process) Conduct Infrastructure Vulnerability Assessment and Penetration Testing Conduct Web Application Security Assessment Conduct Mobile Application Security Assessment Conduct Source Code Review Perform SOX compliance audits, SOC 1 and SOC 2 audits, as well as testing and reporting Perform control testing pertaining to operating systems, data base (Windows, Unix, Oracle, MSSQL, DB2) Should be able to test basic and automated ERP ITGC controls (SAP, Oracle, etc.) Ability to draft BCP/ DR policy and carry out testing of plan and procedures would be preferable Ability to adapt to new scope areas and technologies Bring in vertical expertise in at least two verticals like BFSI, manufacturing, or more Ability to manage client communication and escalation Ability to make all attempts to guide the peers and self to improve client satisfaction scores Participate in proposal preparation Understanding of risk Appreciation for technological innovation Strong organization skills Curiosity and eagerness to learn Initiative to seek out opportunities and add value Tolerance for ambiguity and shifting priorities; appreciation of change. Should have certification on CCNA / CCNP / ITIL Exposure into ISO 27001 is mandate

Job_Description":" Key Responsibilities: Third-Party Risk Management: -Conduct end-to-end third-party risk assessments, including onboarding, ongoing monitoring, and offboarding processes. -Evaluate third parties against key risk areas such as information security, business continuity, data privacy, and regulatory compliance. -Develop and maintain TPRM frameworks, policies, and procedures aligned with industry best practices. Cyber and Risk Assessments: -Perform cyber risk assessments using established frameworks (e.g., NIST CSF, ISO 27001, SIG). -Analyze third-party security controls and provide actionable recommendations to mitigate risks. -Ensure compliance with global regulatory requirements relevant to the financial services/fintech sector. Program Design and Implementation: -Design and implement robust TPRM programs tailored to client needs. -Develop tools and dashboards for risk monitoring and reporting to key stakeholders. -Drive process improvement initiatives to enhance TPRM efficiency and effectiveness. Client and Stakeholder Engagement: -Work collaboratively with internal stakeholders, including legal, procurement, compliance, and IT teams. -Provide consulting services to clients to strengthen their TPRM and cybersecurity practices. -Support audits and regulatory assessments as a subject matter expert in TPRM. Required Skills and Qualifications: -Strong expertise in third-party risk management and related domains such as cybersecurity and IT risk. -In-depth knowledge of cyber frameworks like NIST CSF, ISO 27001, and SIG. -Experience conducting risk and cyber assessments across diverse third-party landscapes. -Strong understanding of industry-specific risks in the financial services/fintech domain (preferred). -Excellent verbal and written communication skills for report writing and stakeholder presentations. ","

Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the clients business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills and attributes for success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor s or master s degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant)

Not Applicable Specialism Risk Management Level Specialist & Summary In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisations security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure. & Summary A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats. Responsibilities Experience in conducting IT risk assessments. Sound understanding of ISO 27001, NIST, PCI, Data Privacy, and Cloud Security. Knowledge on application infrastructure architecture. Knowledge on SaaS application architecture. Knowledge on database and middleware communication. Knowledge on API security. Good communication skills. Good team player. Good presentation skills and senior stakeholder management. Certifications CISA, CISSP, CCNP, CCSP, CISM, CRISC etc. Mandatory Skill Sets IT Risk, ISO 27001, NIST, PCI, Data Privacy, and Cloud Security. Preferred Skill Sets Stakeholder Management, Team Management Years of Experience 1+ Years Educational Qualification BE, B.Tech, M.Tech, MCA, MBA graduates. Education Degrees/Field of Study required Bachelor of Technology Degrees/Field of Study preferred Required Skills Information Technology (IT) Risk Accepting Feedback, Accepting Feedback, Active Listening, Cloud Security, Communication, Conducting Research, Cyber Defense, Cyber Threat Intelligence, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Malware Analysis, Malware Detection Tools, Malware Intelligence Gathering, Malware Research, Malware Reverse Engineering, Malware Sandboxing {+ 11 more} No

Job description At EY, youll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And were counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Technology Risk – Senior As an IT risk professional, you’ll contribute technically to risk assurance client engagements and internal projects. An important part of your role will be to perform IT audits, document good quality assessment reports and issue opinions. You’ll anticipate and identify risks within engagements and share any issues with the audit stakeholders. You’ll also identify potential business opportunities for EY within existing engagements and facilitate integration as appropriate. In line with EY’s commitment to quality, as an influential member of the team - you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for experienced staffs with 1 to 3 years of hands-on experience in IT Risk/Audit, Assurance and Advisory to join our Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your key responsibilities Participate, lead and execute the IT Risk and Assurance engagements Develop and maintain productive working relationships with client and onshore stakeholders Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress Help prepare reports and schedules that will be delivered to clients and other parties Develop and maintain productive working relationships with client personnel Build strong internal relationships within Ernst & Young Services and with other services across the organization Stay current with and promote awareness of applicable regulatory standards, upstream risks and industry best practices across the enterprise. Skills and attributes for success Work effectively as a team player - collaborate and share responsibility, coach, and support team members to succeed Role & responsibilities To qualify for the role, you must have B.E/B.Tech (CS/ IT, Electronics, Electronics & Telecommunications,)/MBA/M.Sc., Chartered Accountant and/or MBA with Finance/IT with at least 1-3 years of experience 1-3 years of professional experience in the areas of IT audits, ITGC, SOX / ICFR / IFC / SAS 70 / SSAE / SOC1, SOC2, IT Financial Audit and Business Automated Controls, IT Risk consulting or any other regulatory / compliance audits Expertise in pre and post implementation reviews and auditing configuration of major ERPs like SAP, Oracle, JDE, WorkDay, Netsuite, Navision etc. Expertise in performing infrastructure reviews pertaining to OS, DB and Active Directory such as Windows, UNIX, SQL, Mainframe, Oracle etc. Assist with the development of policies, procedures and standards that meet existing and newly developed policy and regulatory requirements Assist with facilitating IT security/risk training curriculum. Work closely with cross-functional teams and develop strong relationships as project lead within IT security and GRC projects. Stay current with and promote awareness of applicable regulatory standards, upstream risks and industry best practices across the enterprise Must have end-client facing experience. Ideally, youll also have CISA, CISM, CRISC, ISO27001, Cloud and Data privacy certifications IT audit knowledge for a financial audit - Control frameworks such as COSO, related regulations including SOX and J-SOX Data analytics/automation tool – SQL, Monarch, BluePrism, Alteryx, PowerBI Familiarity with a typical IT systems development life cycle

JOB SUMMARY The Information Security Manager is responsible for developing, implementing, and maintaining the organizations information security framework, policies, and controls. The role ensures the confidentiality, integrity, and availability of information assets across IT and OT environments, while aligning security initiatives with business objectives and regulatory requirements. Key Result Areas: Information Security Strategy & Governance Develop and maintain a comprehensive IT & OT security strategy aligned with organizational objectives. Define, review, and update information security policies, standards, procedures, and SOPs. Benchmark security controls with industry standards and regulatory requirements. Security Control Deployment & Technology Integration Implement and oversee IT & OT security controls across infrastructure, applications, and cloud environments. Ensure that new technologies and projects incorporate security-by-design principles. Prioritize security initiatives based on risk impact and business requirements. Security Operations & SOC Management Manage day-to-day security operations including monitoring, incident detection, and response. Operate and improve SOC capabilities (threat intelligence, SIEM, log monitoring, and vulnerability management). Coordinate vulnerability scans, configuration reviews, and patch management cycles. Compliance, Audit & Regulatory Adherence Ensure compliance with applicable laws, regulations, and standards (e.g., ISO 27001, NIST, IT Act, CEA Guidelines). Coordinate with internal/external auditors and manage closure of audit findings. Ensure accurate and timely regulatory reporting to government agencies. Risk Assessment & Vendor Management Conduct security risk assessments across IT and OT systems to identify and mitigate threats. Perform partner/vendor risk assessments prior to onboarding and periodically thereafter. Recommend controls and countermeasures aligned with industry best practices. End-User Security & Awareness Define and enforce policies for end-user computing, mobile devices, and digital workplace security. Conduct security awareness campaigns and training for employees and stakeholders. Foster a security-first culture across the organization. Incident Response & Business Continuity Support Establish and manage the incident response framework including escalation paths, communication plans, and SOPs. Lead post-incident analysis to identify root causes and corrective actions. Collaborate with IT and business continuity teams to ensure resilience and recovery. Operational Technology (OT) Security Implement and manage security controls for critical OT infrastructure including SCADA/ICS systems. Deploy a layered defence strategy using both technical and process-based safeguards. Ensure OT systems comply with both IT security and CEA Guidelines. Key Competencies (Technical & Behavioral): CompetencyDescription1. Technical Expertise in Security Tools & TechnologiesProficiency in managing enterprise-grade firewalls, IDS/IPS, EDR, SIEM, DLP, email/internet security tools, and vulnerability management platforms. Experience in cloud security (AWS, Azure, GCP) and OT security environments.2. Regulatory & Compliance KnowledgeIn-depth understanding of ISO 27001, NIST CSF, GDPR, HIPAA, PCI DSS, IT Act, and CEA Guidelines. Ability to interpret compliance requirements and translate them into actionable policies and controls.3. Risk Management & AssessmentStrong capability in identifying, analyzing, and mitigating IT and OT security risks. Skilled in performing vendor/partner risk assessments and recommending industry-standard controls.4. Incident Response & Crisis ManagementExpertise in handling security incidents, breaches, and cyber crises. Ability to lead cross-functional response teams, establish SOPs, and communicate effectively during high-pressure situations.5. Leadership & Stakeholder ManagementAbility to lead security teams, mentor junior staff, and collaborate with IT, operations, compliance, and executive management. Skilled at balancing business priorities with security imperatives.6. Analytical & Problem-Solving SkillsStrong ability to assess complex environments, identify gaps, and provide practical security solutions. Experienced in interpreting security logs, performing root cause analysis, and improving defenses.7. Communication & Awareness BuildingClear communicator capable of translating technical risks into business language for executives. Experienced in conducting awareness programs, workshops, and stakeholder education.8. Project & Change ManagementSkilled in managing multiple security initiatives simultaneously. Experience in planning, prioritizing, and delivering projects that integrate security into digital transformation initiatives. Key measures for the successful delivery of the role: EssentialsGood to HavesProven experience in IT & OT security managementExperience in energy, utilities, or critical infrastructure sectorMinimum 58 years in information security rolesExposure to international security audits & regulatorsStrong knowledge of SOC operations and incident responseHands-on experience with cloud-native security toolsCertification in ISO 27001, CISSP, CISM, or CISAAdditional certifications like CEH, CASP, or NIST Cybersecurity Framework expertiseAbility to manage audits, compliance checks, and regulatory reportingPrior experience in leading digital workplace/EUC security programs

About the Role: Grade Level (for internal use): 10 The Team Digital Solutions (DS) is an enterprise-shared technology service enabling people, functions, and divisions. We drive S&P Global to Power the Markets of the Future by working as trusted partners delivering secure, scalable, resilient, and innovative services and solutions that enable seamless experiences for our people and customers. The Impact This role rolls up to the Head of Technology Risk and Governance, in the Global Digital Technology Organization . The Head of Technology Risk and Governance drives the Digital Solutions technology risk and governance strategy, partnering with the second line of defense in Information Security, Digital Technology Services, and Corporate Platforms, as well as with Enterprise Risk and Compliance, and Audit. Responsibilities and Impact This role belongs to First Line of Defense. Support in defining a comprehensive risk inventory, focusing on granular-level risks. Support in development of detailed controls inventory for various technology processes based on various industry frameworks (COBIT, ITIL, ISO, NIST) and DS Technology Standards. Perform self- QA over the controls inventory to ensure key risks and controls are covered. Support in implementation of the Governance, Risk, and Compliance (GRC) tool, focusing on the technology aspects. Support in development of Key Risk Indicators (KRIs) and Key Control Indicators (KCIs) Establish and manage thresholds for risk indicators Coordinate with key stakeholders to ensure alignment and effective communication Develop and operationalize risk scorecards to track and report on risk metrics. Aggregate risk data to provide a holistic view of organizational risk Support in p repar ing and deliver ing comprehensive risk reports to measure performance against the organization's Risk Appetite. Prepare presentations for the Management reporting (requires very good PowerPoint presentation skills) Basic Required Qualifications Bachelor's Degree in a relevant field such as Engineering, Business, or Information Technology. 5 + years of experience in technology risk management and internal controls implementation, including both building and operating a function. Proven ability to convey complex risk topics to varied audiences, including executive leadership and technical teams. Successful track record in a global environment, with strong relationship-building and communication skills. Exceptional analytical skills and problem-solving abilities, with experience in high-pressure environments. Additional Preferred Qualifications 5 + years of experience in a large global organization in a technology risk function. Master of Business Administration or equivalent advanced degree preferred but not required . Role Location Gurgaon, Noida, Bangalore Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world.Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Health & WellnessHealth care coverage designed for the mind and body. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. ---- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ---- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), RSKMGT202.1 - Middle Professional Tier I (EEO Job Group)

About the Role: Grade Level (for internal use): 11 The Team Digital Solutions (DS) is an enterprise-shared technology service enabling people, functions, and divisions. We drive S&P Global to Power the Markets of the Future by working as trusted partners delivering secure, scalable, resilient, and innovative services and solutions that enable seamless experiences for our people and customers. The Impact This role reports to the Head of Technology Risk and Governance, in the Global Digital Technology Organization. The Head of Technology Risk and Governance drives the Digital Solutions technology risk and governance strategy, partnering with the second line of defense in Information Security, Digital Technology Services, and Corporate Platforms, as well as with Enterprise Risk and Compliance, and Audit. Responsibilities and Impact Lead efforts in defining and documenting a comprehensive Issue Management Process document/ methodology Lead efforts to centralize control gaps/ issues in GRC tool Lead efforts in logging, tracking, monitoring and remediation of control gaps/ issues Coordinate with key stakeholders to ensure the issues are clearly articulated, mapped to appropriate risk category, mitigating controls are identified through proper risk assessment Lead efforts in periodic reporting of issues to senior Management Conduct data analysis to demonstrate trends of progress made in issue remediation by various technology processes Conduct meetings to discuss issues and risk remediation plan Lead efforts in risk exception and risk acceptance process Monitor risk acceptance scenarios and bring it to appropriate committees for reporting Prepare PowerPoint presentations to provide comprehensive and holistic issue management process What Were Looking For Basic Required Qualifications Bachelor's Degree in a relevant field such as Engineering, Business, or Information Technology. 5+ years of experience in technology risk management and internal controls implementation, including both building and operating a function. Proven ability to convey complex risk topics to varied audiences, including executive leadership and technical teams. Successful track record in a global environment, with strong relationship-building and communication skills. Exceptional analytical skills and problem-solving abilities, with experience in high-pressure environments. Additional Preferred Qualifications 5+ years of experience in a large global organization leading the technology risk function. Master of Business Administration or equivalent advanced degree preferred but not required . Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world.Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Health & WellnessHealth care coverage designed for the mind and body. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. ---- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ---- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), RSKMGT202.2 - Middle Professional Tier II (EEO Job Group)

About the Role: Grade Level (for internal use): 12 The Team Digital Solutions (DS) is an enterprise-shared technology service enabling people, functions, and divisions. We drive S&P Global to Power the Markets of the Future by working as trusted partners delivering secure, scalable, resilient, and innovative services and solutions that enable seamless experiences for our people and customers. The Impact This role reports to the Head of Technology Risk and Governance, in the Global Digital Technology Organization. The Head of Technology Risk and Governance drives the Digital Solutions technology risk and governance strategy, partnering with the first line of defense in Information Security, Digital Technology Services, and Corporate Platforms, as well as with Enterprise Risk and Compliance, and Audit. Responsibilities This role belongs to First Line of Defense. Lead efforts to build APIs between various governance tools to streamline data integration. Lead efforts to d evelop APIs for automated risk reporting to enhance data accuracy and timeliness. Drive automation in controls, including testing and monitoring, to improve efficiency and effectiveness. Design and implement a Digital Solutions scorecard to track key performance metrics. Lead efforts to c reate and maintain a comprehensive controls/risks dashboard for real-time insights and decision-making Prepare presentations for Management reporting. What Were Looking For Basic Required Qualifications Bachelor's Degree in a relevant field such as Engineering, Business, or Information Technology. 10+ years of experience in technology risk management and internal controls implementation, including both building and operating a function. Proven ability to convey complex risk topics to varied audiences, including executive leadership and technical teams. Successful track record in a global environment, with strong relationship-building and communication skills. Exceptional analytical skills and problem-solving abilities, with experience in high-pressure environments. Additional Preferred Qualifications 12+ years of experience in a large global organization leading the technology risk function. Master of Business Administration or equivalent advanced degree preferred but not required . Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world.Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Health & WellnessHealth care coverage designed for the mind and body. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. Recruitment Fraud Alert If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to reportfraud@spglobal.com. S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, pre-employment training or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity here. ---- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ---- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), RSKMGT202.2 - Middle Professional Tier II (EEO Job Group)

Not Applicable Specialism Risk Management Level Senior Associate & Summary In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisations security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure. & Summary A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats. Responsibilities Experience in conducting IT risk assessments. Sound understanding of ISO 27001, NIST, PCI, Data Privacy, and Cloud Security. Knowledge on application infrastructure architecture. Knowledge on SaaS application architecture. Knowledge on database and middleware communication. Knowledge on API security. Good communication skills. Good team player. Good presentation skills and senior stakeholder management. Certifications CISA, CISSP, CCNP, CCSP, CISM, CRISC etc. Mandatory Skill Sets IT Risk, ISO 27001, NIST, PCI, Data Privacy, and Cloud Security. Preferred Skill Sets Stakeholder Management, Team Management Years of Experience required 4+ Years Education Qualification BE, B.Tech, M.Tech, MCA, MBA graduates. Education Degrees/Field of Study required Master Degree, Bachelor Degree Degrees/Field of Study preferred Required Skills Information Technology General Controls (ITGC) Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Cloud Security, Communication, Conducting Research, Creativity, Cyber Defense, Cyber Threat Intelligence, Embracing Change, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Learning Agility, Malware Analysis, Malware Detection Tools {+ 16 more} No

Are you ready to make an impact at DTCC Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional developmentAt DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve. Pay and Benefits: Competitive compensation, including base pay and annual incentive Comprehensive health and life insurance and well-being benefits, based on location Pension / Retirement benefits Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being. DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee). The Impact you will have in this role: Cyber Threat Fusion Center (CTFC) is responsible for setting strategic direction in the areas of IT Risk and Information Security. Maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the IT Risk and Information Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on IT Risk and Information Security. Threat Management ensures security monitoring controls provide proper coverage, data quality, and effectiveness to improve DTCCs ability to properly identify current cyber threats, monitor, and detect suspicious activities or instances of data loss. Your Primary Responsibilities: Manage a team of cyber security professionals who can design and implement security monitoring controls Lead technical PoC evaluations and onboarding of new security technologies. Drive continuous improvement of technology, processes, and procedures to align with stakeholder needs. Ensure alignment with enterprise security architecture and compliance standards. Collaborate with internal stakeholders and vendors to ensure robust and scalable integrations. Design and maintain automated playbooks for incident response and threat remediation. Optimize SOAR workflows to reduce manual effort and improve response times. Conduct regular assessments of existing security tools and processes to identify gaps or inefficiencies. Develop and maintain a technology roadmap aligned with business and security objectives. Collaborate with architecture and engineering teams to prioritize and implement gap remediation strategies. Track and report on gap closure progress and impact on overall security posture. Establish performance metrics and key performance indicators (KPIs) to measure the effectiveness of the Security Integration and Orchestration program Qualifications: Minimum of 8 years of related experience Bachelors degree preferred or equivalent experience Deep understanding of integrating tools like QRadar, Syslog-NG, SOAR, Armis IoT, Reversing Labs, and Zscaler into the incident response ecosystem. Experience with SOAR platforms and case management systems, including playbook creation and automation workflows. Ability to identify technology gaps in security monitoring and develop actionable remediation plans. Skills in enriching security event data to improve detection and response efficiency Capable of defining objectives and scope for orchestration initiatives and aligning them with business use cases. Proficiency in Python, PowerShell, Bash, or Perl to automate compliance checks, data parsing, and reporting. Proficiency in generating reports and metrics to measure orchestration effectiveness and tool coverage. Experience in coordinating with external vendors for tool integration and support Regular engagement with incident response, Network Penetration and other Cyber Fusion Center teams to ensure alignment and operational readiness. Skilled in managing stakeholder expectations, facilitating discussions, and driving consensus across technical and business teams Highlights the expected benefits of new actions and strategies to help others overcome fears of change. Fosters a culture where honesty and transparency are expected. Proactively seeks feedback from others on his/her own performance. Ensures that regular feedback is given in a constructive and behaviorally oriented manner. Supports an environment where individuals are respected for their contributions. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. Please contact us to request accommodation.

Line of Service Advisory Industry/Sector Not Applicable Specialism Risk Management Level Specialist Job Description & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisation&aposs security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes forour clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences foreach other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firms growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. Job Description & Summary A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats. Responsibilities: Experience in conducting IT risk assessments. Sound understanding of ISO 27001, NIST, PCI, Data Privacy, and Cloud Security. Knowledge on application infrastructure architecture. Knowledge on SaaS application architecture. Knowledge on database and middleware communication. Knowledge on API security. Good communication skills. Good team player. Good presentation skills and senior stakeholder management. Certifications - CISA, CISSP, CCNP, CCSP, CISM, CRISC etc. Mandatory Skill Sets: IT Risk, ISO 27001, NIST, PCI, Data Privacy, and Cloud Security. Preferred Skill Sets: Stakeholder Management, Team Management Years of Experience: 1+ Years Educational Qualification: BE, B.Tech, M.Tech, MCA, MBA graduates. Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Technology Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills Information Technology (IT) Risk Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Cloud Security, Communication, Conducting Research, Cyber Defense, Cyber Threat Intelligence, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Malware Analysis, Malware Detection Tools, Malware Intelligence Gathering, Malware Research, Malware Reverse Engineering, Malware Sandboxing + 11 more Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship No Government Clearance Required No Job Posting End Date Show more Show less

Join our team at JPMorgan Chase, a leading company in the financial industry, as a Lead Cybersecurity Architect within the Cybersecurity & Tech Controls Team. In this role, you will play a crucial part in developing top-notch cybersecurity solutions for modern software applications on cloud-based technologies. Your responsibilities include identifying and communicating risks, mitigation options, and solutions across various technical areas to support project objectives effectively. As a Lead Cybersecurity Architect, you will foster a security-focused culture within product, technology, and business teams to prioritize sustainable controls and reduce risks significantly. By integrating threat modeling, secure architecture, and code review into agile development practices, you will ensure secure product delivery. It is essential to gain a deep understanding of the product, its strategy, roadmap, and key investments, while also staying updated on emerging technologies and business concepts to enhance the product's cyber risk posture. You will act as a security thought leader by sharing best practices with product and cybersecurity teams and serve as the primary expert on IT Risk and Cyber domains within your product. Monitoring Key Risk Indicators, swiftly managing emerging issues, and collaborating with various stakeholders across the supply chain are integral parts of your role. Additionally, you will work closely with Third-Party Oversight teams to address technology risks, particularly focusing on cloud computing and emerging technologies. To excel in this position, you should possess formal training or certification in Cybersecurity concepts along with at least 5 years of practical experience. Advanced knowledge of cybersecurity architecture, technical processes, and expertise in areas like public cloud, AI, machine learning, or mobile is required. As a solutions-driven self-starter, you should be adept at managing multiple projects under pressure and tight deadlines. Strong analytical skills, the ability to evaluate and recommend technologies for future architecture, and a deep understanding of agile methodologies are essential for success in this role. Preferred qualifications include certifications in Cybersecurity, Cloud, Infrastructure, or Product, familiarity with risk management frameworks and financial industry regulatory requirements, as well as expertise in data security, risk assessment, control evaluation, design, and governance. The ideal candidate will also have a solid understanding of the financial services industry and its IT systems, coupled with a proven track record of implementing effective risk mitigation strategies.,