297 It Risk Jobs - Page 12

o Cyber security and/or Privacy, IT Audit, IT Risk/Compliance Management with focus on delivering projects in the government sector (working with ministries and departments of state/central government) o In-depth understanding of government sector is required previous experience of working with government sector (India/global) o Background in pre-sales activities such as responding to RFPs/RFIs are required. Should be conversant in working on DPR preparation including low level design, RFP / EOI preparation etc. o Ability to deliver on large and complex government sector projects and meet deadlines while working both independently and in a team environment. o Strong communication skills Experience Required: o 4+ years of overall experience with at least 4 years of relevant experience in cyber security and related fields of work o Must have experience in working in at least 2 completed projects for large, enterprise scale clients in security advisory / review related work o Should have experience of working for at least 2 government clients (state or central government). This does not include PSUs

Project Related Functional Knowledge: Significant Know How of various domains under Governance Management of Enterprise IT, Financial Statements - IT Audit Process Integrated Audits, Leading IT Risk Management Frameworks Standards ( such as COBIT, COSO, ITIL, ISO 27001, NIST etc.) Core Technical Skills: Hands on experience (At least 6-8 years) in executing and delivering audits/assurance engagements (At least in 2-3 areas) of IT General Controls around Applications, Database, Operating Systems, Middleware, Networks, IT Application Controls, IT Attestation (SOC1SOC 2 etc.), IT Regulatory Compliance, Third Party Risk Assurance etc. Additional Skills: Understanding of at Technology Risks Controls for at least one of Emerging Technology solutions such as Cloud, Social Media, Intelligent Automation, DevSecOps etc. Professionals would be leading at least 3-5 projects at any time on IT Audit Controls Assurance. They shall be having teams report to them at a project level. Professional have the responsibility of project execution and shall report to a director/partner on every project. They shall be responsible for ensuring project profitability, quality as well as adherence to the agreed project plan Will have End to End responsibility of managing the project lifecycle from Initiation till Closure and maintain requisite documentation at each stage. Professionals shall assist the Partner/Director in managing quality risks associated with the projects The job would require travel to client locations within India and abroad Certifications such as CISA, CISSP, CIA, SAP/Oracle Security and related certifications in the areas of Emerging Technologies would be plus. Thought Leadership Contribute to solution development Possess good business acumen. Remain current on new developments in advisory services capabilities and industry knowledge. Participate in practice initiatives and at times lead such initiatives such as knowledge management or thought leadership People Related During the course of your work, you will be expected to be a people leader for your department/location and to also manage a team in terms of staffing, appraisals etc. Coordinating in developing the practice (people / clients and skills) Plays role of a performance professional for junior staff. Is actively involved in training, coaching and mentoring of his/her team Business Development Professionals shall be significantly involved in business development lead generation till closure. They are expected to possess considerable client relationships which could lead to business opportunities. They may be assigned a market/geography/ solution/account or a set of clients for business development. They shall be responsible for generating an agreed amount of revenue for the year Proactively does sales oriented reporting during projects. These would include identifying possible business opportunities for various practices within KPMG Demonstrate in-depth technical capabilities and knowledge. Demonstrate ability to assimilate to new knowledge Provide high quality, day-to-day execution of client engagements, and projects for the financial services practice Develop engagement work programs, assist in conducting risk assessments, documentation of working papers and preparation of audit committee presentations Shall be responsible for client relationship management, team management along with ability to handle multiple client engagements Understand client needs and challenges and identify revenue opportunities for the firm Work on project teams focused on advisory projects and assist engagement management to successfully complete engagement objectives Understand firm service offerings and mentor associates, interns, and new hires. Possesses extensive experience in IT Audit, IT Risk Control Assurance space Prior experience in client facing / account management roles Exposure to business development in consulting (Pre-sales support, proposals, RFP responses) Possess strong domain knowledge, understanding of business processes and possible risks in operations of at least two industry sectors Consistent display of leadership skills Have experience in process consulting/ internal audit/ risk consulting at a project professional level role Strong analytical and problem solving skills. Strong written and verbal communication skills Ability to work well in teams Ability to work under pressure stringent deadlines and tough client conditions which may demand extended working hours Willingness to travel within India or abroad for continuous long periods of time Demonstrate integrity, values, principles, and work ethic and lead by example.

Project Related Functional Knowledge: Significant Know How of various domains under Governance Management of Enterprise IT, Financial Statements - IT Audit Process Integrated Audits, Leading IT Risk Management Frameworks Standards ( such as COBIT, COSO, ITIL, ISO 27001, NIST etc.) Core Technical Skills: Hands on experience (At least 6-8 years) in executing and delivering audits/assurance engagements (At least in 2-3 areas) of IT General Controls around Applications, Database, Operating Systems, Middleware, Networks, IT Application Controls, IT Attestation (SOC1SOC 2 etc.), IT Regulatory Compliance, Third Party Risk Assurance etc. Additional Skills: Understanding of at Technology Risks Controls for at least one of Emerging Technology solutions such as Cloud, Social Media, Intelligent Automation, DevSecOps etc. Professionals would be leading at least 3-5 projects at any time on IT Audit Controls Assurance. They shall be having teams report to them at a project level. Professional have the responsibility of project execution and shall report to a director/partner on every project. They shall be responsible for ensuring project profitability, quality as well as adherence to the agreed project plan Will have End to End responsibility of managing the project lifecycle from Initiation till Closure and maintain requisite documentation at each stage. Professionals shall assist the Partner/Director in managing quality risks associated with the projects The job would require travel to client locations within India and abroad Certifications such as CISA, CISSP, CIA, SAP/Oracle Security and related certifications in the areas of Emerging Technologies would be plus. Thought Leadership Contribute to solution development Possess good business acumen. Remain current on new developments in advisory services capabilities and industry knowledge. Participate in practice initiatives and at times lead such initiatives such as knowledge management or thought leadership People Related During the course of your work, you will be expected to be a people leader for your department/location and to also manage a team in terms of staffing, appraisals etc. Coordinating in developing the practice (people / clients and skills) Plays role of a performance professional for junior staff. Is actively involved in training, coaching and mentoring of his/her team Business Development Professionals shall be significantly involved in business development lead generation till closure. They are expected to possess considerable client relationships which could lead to business opportunities. They may be assigned a market/geography/ solution/account or a set of clients for business development. They shall be responsible for generating an agreed amount of revenue for the year Proactively does sales oriented reporting during projects. These would include identifying possible business opportunities for various practices within KPMG Demonstrate in-depth technical capabilities and knowledge. Demonstrate ability to assimilate to new knowledge Provide high quality, day-to-day execution of client engagements, and projects for the financial services practice Develop engagement work programs, assist in conducting risk assessments, documentation of working papers and preparation of audit committee presentations Shall be responsible for client relationship management, team management along with ability to handle multiple client engagements Understand client needs and challenges and identify revenue opportunities for the firm Work on project teams focused on advisory projects and assist engagement management to successfully complete engagement objectives Understand firm service offerings and mentor associates, interns, and new hires. Possesses extensive experience in IT Audit, IT Risk Control Assurance space Prior experience in client facing / account management roles Exposure to business development in consulting (Pre-sales support, proposals, RFP responses) Possess strong domain knowledge, understanding of business processes and possible risks in operations of at least two industry sectors Consistent display of leadership skills Have experience in process consulting/ internal audit/ risk consulting at a project professional level role Strong analytical and problem solving skills. Strong written and verbal communication skills Ability to work well in teams Ability to work under pressure stringent deadlines and tough client conditions which may demand extended working hours Willingness to travel within India or abroad for continuous long periods of time Demonstrate integrity, values, principles, and work ethic and lead by example.

Function : Digital Trust Location: Bangalore/Mumbai/Gurgaon/Noida/Kolkata/Pune/Hyderabad Experience: At least 7+ Years of relevant experience Project Related Functional Knowledge: Significant Know How of various domains under Governance Management of Enterprise IT, Financial Statements - IT Audit Process Integrated Audits, Leading IT Risk Management Frameworks Standards ( such as COBIT, COSO, ITIL, ISO 27001, NIST etc.) Core Technical Skills: Hands on experience (At least 6-8 years) in executing and delivering audits/assurance engagements (At least in 2-3 areas) of IT General Controls around Applications, Database, Operating Systems, Middleware, Networks, IT Application Controls, IT Attestation (SOC1SOC 2 etc.), IT Regulatory Compliance, Third Party Risk Assurance etc. Additional Skills: Understanding of at Technology Risks Controls for at least one of Emerging Technology solutions such as Cloud, Social Media, Intelligent Automation, DevSecOps etc. Professionals would be leading at least 3-5 projects at any time on IT Audit Controls Assurance. They shall be having teams report to them at a project level. Professional have the responsibility of project execution and shall report to a director/partner on every project. They shall be responsible for ensuring project profitability, quality as well as adherence to the agreed project plan Will have End to End responsibility of managing the project lifecycle from Initiation till Closure and maintain requisite documentation at each stage. Professionals shall assist the Partner/Director in managing quality risks associated with the projects The job would require travel to client locations within India and abroad Certifications such as CISA, CISSP, CIA, SAP/Oracle Security and related certifications in the areas of Emerging Technologies would be plus. Thought Leadership Contribute to solution development Possess good business acumen. Remain current on new developments in advisory services capabilities and industry knowledge. Participate in practice initiatives and at times lead such initiatives such as knowledge management or thought leadership People Related During the course of your work, you will be expected to be a people leader for your department/location and to also manage a team in terms of staffing, appraisals etc. Coordinating in developing the practice (people / clients and skills) Plays role of a performance professional for junior staff. Is actively involved in training, coaching and mentoring of his/her team Business Development Professionals shall be significantly involved in business development lead generation till closure. They are expected to possess considerable client relationships which could lead to business opportunities. They may be assigned a market/geography/solution/account or a set of clients for business development. They shall be responsible for generating an agreed amount of revenue for the year Proactively does sales oriented reporting during projects. These would include identifying possible business opportunities for various practices within KPMG Demonstrate in-depth technical capabilities and knowledge. Demonstrate ability to assimilate to new knowledge Provide high quality, day-to-day execution of client engagements, and projects for the financial services practice Develop engagement work programs, assist in conducting risk assessments, documentation of working papers and preparation of audit committee presentations Shall be responsible for client relationship management, team management along with ability to handle multiple client engagements Understand client needs and challenges and identify revenue opportunities for the firm Work on project teams focused on advisory projects and assist engagement management to successfully complete engagement objectives Understand firm service offerings and mentor associates, interns, and new hires. Possesses extensive experience in IT Audit, IT Risk Control Assurance space Prior experience in client facing / account management roles Exposure to business development in consulting (Pre-sales support, proposals, RFP responses) Possess strong domain knowledge, understanding of business processes and possible risks in operations of at least two industry sectors Consistent display of leadership skills Have experience in process consulting/ internal audit/ risk consulting at a project professional level role Strong analytical and problem solving skills. Strong written and verbal communication skills Ability to work well in teams Ability to work under pressure stringent deadlines and tough client conditions which may demand extended working hours Willingness to travel within India or abroad for continuous long periods of time Demonstrate integrity, values, principles, and work ethic and lead by example

Notice period : Immediate to 30 days Educational Background: , MCA, BCA, or . in Computer Science. Notice Period: Immediate to a maximum of 30 days. Technical Skills: Must have coding experience or at least a basic understanding of programming languages. ITGC Experience ITAC Experience (Mandatory): Candidates should have hands-on experience in any of below controls: Interface controls Input/Process or output controls Positive-negative controls 3-way matching, 4-way matching Data reconciliation Data migration Skills Required: Perform testing of IT Application Controls(ITAC), IPE, and Interface Controls through code reviews, IT General Controls(ITGC) review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster Recovery Perform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk Control Matrix. Perform business process walkthrough and controls testing for IT Audits. Performing planning and executing audits, including: Information Security reviews Information Technology Infrastructure reviews Application reviews Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed Risk Based IT Internal Audit for Financial Services Entities IT SOX 404 Controls Testing, Quality Assurance Internal Financial Controls related to IT General Controls as part of Financial Statements Audits IT Risk Control Self-Assessment Business Systems Controls / IT Application Controls Auditing Emerging Technologies such as Cloud Security, Intelligent Automation, RPA, IoT etc Working knowledge of programming languages(C/C++/Java/SQL) Conducting IT audits, IT Internal Audit, Robotics Process Automation (RPA) Audits

Key Responsibilities Performing control assessments on behalf of our clients Conduct process reviews through stakeholder interviews, data validations, and document analysis Apply IT-related and internal control knowledge to deliver high quality engagement Handling end to end risk assessment activities such as: scoping, planning, fieldwork execution, reporting, QA, and issue tracking Execution on client engagements - Ensure quality delivery as per client requirements. Review of working papers suggest ideas on improving engagement productivity and identify opportunities for improving client service. Identify and escalate potential business opportunities for the firm on existing client Plan, organize, direct, and monitor project operations, including overall quality of deliverables, processes, and completion of projects within budgeted timeline. Support the execution of audits/ assessments of IT processes against leading practice IT risk and security frameworks and common standards. Working effectively across multiple internal and external teams, building your professional network across Consulting, Assurance and with Clients Technical Qualifications: Strong knowledge of IT controls, ITGCs, ITACs, SOX 404 controls testing, Internal audit. IT integration of financial statement audits, service organization controls reporting engagement (SOC1, SOC2) Experience with enterprise risk management methods Experience in risk and control assessments in emerging technologies Ability to understand and correlate the risk data from various sources and effectively use it to monitor/showcase risk to the firm Experience in executive level risk reporting and visualization and ability to analyse data for data quality gaps Exposure to Information Security Management Systems (ISMS) framework (27001) and other recognized standards. Exposure to SOC and IT audits Preferrable- CA, B.Tech, MBA or equivalent CISA certified, ISO27001 Skills and attributes: A recognized university degree in business, information technology, computer engineering, or other relevant discipline Experience of IT audit, Internal audit, IT risk advisory for a professional services firm, or within industry Project management and strong communication skills Ability to build and develop relationships Ability to adapt to different client situation and bring best outcome in difficult situations Leadership, teamwork, and client service skills Demonstrated integrity within a professional environment Good networking skills

Responsibilities include performing audit and consulting assignments related to information technology (IT), cyber security, information security (IS), network security , vulnerability assessment and penetration testing, specialized application controls, IT processes covering IT management, IT infrastructure, IT operations and related business processes. Job Profile: Experience in performing Information security audits, Cyber security audits, IT audits or IT risk consulting in a professional service firm or corporate audit department Experience in performing IT Risk Assessment and Business Impact Analysis (BIA) Preparing audit plans and work programs to perform risk-based audit Evaluating and testing of controls by using manual and automated methods Reporting on audit findings and making recommendations for remediation of noted control deficiencies and improvements in operations as per industry standards and best practices. Perform post remedial audits on systems, processes and risk areas Training and advising, as applicable The role requires Monitoring Conducting risk based audit assignments. Support Team in the process of preparing and executing audit plans, audit program, and reports, Supervision of daily activities of the team Experience in diverse environment ability to handle multiple projects. Applying technical knowledge effectively Demonstrating good verbal and written communication skill Maintaining strong client focus by building strong relationships with clients, sharing knowledge with client and internal team members Educational Professional Credentials Essential: MBA-IT BSc- IT BE - Computers, Electronics MS MCA Desirable: One or more certifications out of CISA, DISA, CISSP, CISM, ITIL, ISO 27001 LA, CEH Professional certifications on technology platforms including Microsoft, Oracle, System

Desired Profile : Experience into ITGC, ITAC, SOC, SOX is must Should have excellent communication skills and MS- Office skills Candidate with extensive experience in cyber security will not be fit for this role Candidate should be ok to travel to client places and work from office from Day 1. Roles Responsibilities- Perform testing of IT Application Controls, IPE, and Interface Controls through code reviews, IT General Controls review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster Recovery Conducting controls assessment in manual/ automated environment Prepare/Review of Policies, Procedures, SOPs Maintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations. Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed. Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding projects progress. Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables. Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status.

We are seeking a detail-oriented professional to support IT General Controls (ITGC) testing, IT audits, SOX compliance, and SOC reporting initiatives. The role involves evaluating IT processes, identifying control gaps, and ensuring regulatory compliance for clients and internal systems. Responsibilities: Perform ITGC testing across applications, infrastructure, and databases. Support SOX 404 compliance audits, including control design and operating effectiveness testing. Conduct IT audits as per defined frameworks and client requirements. Assist in SOC 1 and SOC 2 reporting processes evidence collection, control testing, and reporting. Identify control gaps and recommend remediation actions. Collaborate with cross-functional teams including external auditors and client stakeholders. Prepare audit documentation and reporting dashboards. Stay updated on regulatory changes and IT risk management practices. Qualification: Bachelors degree in IT, Computer Science, B.Com or related field. 2-6 years of experience in ITGC, IT audit, SOX, or SOC reporting. Knowledge of IT controls, risk frameworks (COBIT, ISO 27001, NIST) preferred. Strong communication, documentation, and analytical skills Notice period : Immediate to 30 days

Full time position, 3-5 days per week in office (not shift) Department: ASPIRE Managed Services Practice: Services Reliability Group Vetting Requirements: N/A Role Summary: We are seeking an experienced and results-driven IT Audit and Compliance Analyst who will be responsible for ensuring that the ASPIRE Global Service Centres IT systems, processes, and controls comply with internal policies, regulatory requirements, and industry standards. This role supports risk management efforts by conducting and participating in audits, identifying control gaps, and recommending improvements to strengthen the controls within the environment. Key Responsibilities: Define concise and actionable audit findings, whilst planning the delivery of recommendations, including scoping and resource assignment Monitoring and reporting on the status of audit findings and compliance issues Participation in evaluations of ASPIRE GSC systems against regulatory and policy requirements (e.g. GDPR, ISO 27001, SOX) To create, publish and maintain a forward schedule of Audits for the wider stakeholder awareness Support external audits and regulatory inspections by providing requested documentation and explanations Collaborate with Practice IT teams and Security to assess compliance with internal policies and external regulations Evaluate the effectiveness of IT controls, i.e. related to access management, change management, data protection, and system operations Documentation of IT risks, controls, and mitigation activities Working in conjunction with IT Service Management Process owners, manage proposed updates / closure of identified gaps and improvements to service management processes and procedures Assist in the development and implementation of IT compliance frameworks and control testing programs Maintain up-to-date knowledge of relevant laws, regulations, and industry standards Qualifications Skills, Education & Qualifications: 3+ years in IT audit, IT compliance, or information security roles Familiarity with regulatory frameworks (e.g., SOX, GDPR, HIPAA) and standards (e.g., NIST, ISO 27001, COBIT) Experience with audit tools, Governance, Risk and Compliance platforms and risk assessment methodologies Strong analytical and problem-solving abilities Excellent written and verbal communication skills Ability to manage multiple priorities and work independently High attention to detail and integrity in handling sensitive information.

About this role: Wells Fargo is seeking a Finance Analyst In this role, you will: Participate in functions related to financial research and reporting Forecast analysis of key metrics, as well as other financial consulting related to business performance, operating and strategic reviews Identify opportunities for process improvements within the scope of responsibilities Research moderate to complex financial data in support of management decision-making for a business Create and communicate various activities such as product pricing, product, and portfolio performance Exercise independent judgment to guide key metrics forecasting, closing data and validation Present recommendations for resolving all aspects of delivering key forecasting projections as well as financial reporting to support monthly and quarterly forecasting Develop expertise on reporting that meets brand standards and internal control standards Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals Required Qualifications: 2+ years of Finance experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education Desired Qualifications: Strong Analytical skills Certifications in Risk Management courses Ability to identify risk and controls, to create remediation plans, remediation success criteria and control documentation Excellent communication skills (verbal, written and interpersonal); ability to concisely articulate complex concepts in a clear manner. Strong analytical skills with high attention to detail and accuracy. Understanding of audit lifecycle and methodology Technical understanding of specific business operations, processes, products, and customer interactions where they manifest risk Job Expectations: Partner with key oversight partners (Business Control Executive, COSO, CMoR, Finance Governance, Audit) team to design an optimized control environment and appropriate risk assessment ratings around all EAA processes Identify and extend controls to contributing partners as determined needed and relevant including procedures, training and overview functions Execute on financial control framework across all EAA processes Continually assess the overall risk framework and identify additional needed controls or enhancements to existing controls to mitigate those risks Maintain appropriate risk and control processes documentation Requires an understanding of COSO Framework and implement the same in the processes under EAA (Expense Analytics & Allocation) Partner with Business Control Leaders to ensure issues are appropriately identified Manage issue lifecycle from intake to closure Review and perform QA for all issues and corrective action materials Advice, counsel, training and awareness on policy and procedure requirements

Experience Implementation of ISO 27001, GRC ITGC & IT Regulatory compliance Knowledge in ISMS, ITRS, Knowledge about regulators RBI, IRDA, SEBI Experience in PCI DSS, ISO 27001, SOC 2, GDPR, RBI guidelines Experience in audits & risk assessments.

Dear Candidate, We are Hiring for MNC!!! Role: Compliance Specialist-Internal Control Assurance Location: Bangalore Work Mode: Hybrid Contract: 12 Months Notice: Immediate-30 days only Required skills: 10+ years of work experience in IT assurance functions (internal / external auditing, control testing, risk management) and/or practical experience in the field of IT and Cyber Security Good understanding of IT risk and control frameworks and the underlying technologies, concepts, and processes Strong knowledge of SQL and relational databases and proficiency in programming languages such as Python or R . Knowledge of data analytics and visualization applications (e.g., Palantir Foundry, Tableau) is preferred University degree in related field, qualified or working towards a CISA, CISM, CISSP, CSX-P, CIA or CRISC professional certification is a plus Knowledge of Cloud Security and DevSecOps practices will be considered advantageous Critical thinker that sees the "big picture" (e.g. overall themes, trends, goals) Result oriented individual with agile mindset and ability to work independently , able to plan well, work in the field and able to deliver results in time Good communicator , able to gain and maintain trust while delivering difficult messages Team worker , able to listen to others but also influence Fluent in English, written and spoken If Interested, please share your updated CV to arthie.m@orcapod.work

Role Description The TDI Engineering unit is responsible for all desktop, end user automation, engineering, and collaboration tools within the bank. The goal of this unit is to provide enterprise development tools as services for teams across Deutsche Bank, enabling them to reach higher levels of maturity in their process. These services consist of all necessary to support teams from initial Program/Project investment governance decisions and subsequently management through development, testing, deployment as well as compliance with the Banks software processes. Tools such as Bitbucket, JIRA, Confluence, TeamCity, Artifactory, MF ALM. The Developer Tools Project Portfolio has multiple Programs/Initiatives driven by Regulatory/Audit-finding based remediation, Strategic Programs e.g., Cloud (GCP) migration (of tools, as part of a larger, bank-wide Programme), Developer Experience initiatives and Migration to new tools. The Project manager will manage sub projects under a set of these Programs. A Programme is a group of related projects that together deliver the intended value of a business case. Project manager functionally reports to the Programme Manager. The Project Manager will be part of TDI engg support Audit remediation or Internal initiative projects in Candidate/application functions. We are searching for a candidate with a good understanding of IT risks and controls. This role is integral in supporting the function in complying with the Non-Financial Risk Management framework including the Findings Management Policy (FMP). The project manager will work with subject manner experts, across TDI engg, Group Audit and Non-Financial Risk. This is an exciting opportunity for a high-performing and motivated individual to help shape the technology infrastructure in response to demanding regulations making a real impact on the profitability and reputation of the organization. Accident and Term Life Insurance Your key responsibilities To deliver the required output whilst managing the costs to budget, delivering the business benefits according to plan, identifying project delivery risks and proposing mitigations as required Manage the execution, track deliverables, budgets (on the bank-wide Portfolio Management system e.g., dbClarity) Establish and drive the governance for this Program including TDI(IT)-wide stakeholders Engage with a variety of stakeholders within the bank, other Programme Managers, Project Management Offices/COO functions to effectively steer the Programme Ensure that the Project Team (Engineering, Policy teams, Operations teams, Product Owners) are appropriately aligned to the Programme and its deliverables Provide MI and reporting on a periodic basis to the stakeholders Understand the expectations of the CAF (Central Approval Function), DCRO & Auditor on all audit procedures and help the project team articulate the SII Forms, Closure packs and Remediation plan accordingly. Coordinate with Portfolio Owners/SPOCs for the upcoming audit schedule and request if any potential SIIs are to be raised for the audit scope. Support application leads/delegate on closure documentations (Include Finding & Action Level). Responsible for doing the first pass reviews of all Life Cycle Events before it is submitted to CAF (Central Approval Function). Participate in Weekly and Monthly Status calls with Portfolio owners / CIO-1, GCIO Embedded Risk Manager and Divisional Compliance officer to update the status of the remediations. Coordination and management with Portfolio Owners/Delegates, ERT, Control Owners, CAF members & collaboratively work with them to address the requirements to close the remediation on time. Work with domain leads to tracking all remediations to ensure timely closure without any KPI impact. Prepare for the monthly Governance meetings MB-1, CIO and CIO-1 Level. Support the delivery risk and control initiatives. This includes participation in risk and control activities, risk-based control reporting of key issues, performance, and validation. Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums. Identify and evaluate potential areas of non-compliance or risk, assessing impact, probability and present findings and proposals for risk mitigation measures. Familiarize with policies, procedures, and internal documentation, as well as management models pertaining to Deutsche Operational Risk & Findings Management. Manage and deliver the critical book of work for Risk & Controls. Establish a proactive risk culture with simplified governance, improved application stability and investment in reduction of manual support activities. Your skills and experience Overall 10+ years of experience in any of the SDLC/STLC engagement and minimum 3 years on risk and audit related experience in IT Risk. Previous experience with IT risk assessment, audit, controls validation and emerging risk identification. A strong team player comfortable in a cross-cultural and diverse operating environment. Result oriented and ability to deliver under tight timelines. Excellent communication and collaboration skills Desire to learn about new and emerging technologies and continuous upskilling. Must be comfortable with navigating ambiguity to extract meaningful risk insights. Excellent verbal and written communication skills Ability to work independently, plan, organize, prioritize, and meet deadlines in a rapidly changing environment. Ability to assimilate large quantities of information in short periods of time.

Security Risk and Compliance Expert will be instrumental in shaping the global Information Security Management System (ISMS) within our Group Security team. This role involves engaging with various Business Groups and Corporate Functions to identify and manage information security risks, ensuring compliance and enhancing our security posture. Facilitate risk assessments, develop training, and contribute to the continuous improvement of security policies and tools. Enhance the overall security and compliance of services provided to our customers. You have: Master's or bachelor's degree in computer science, security engineering, or equivalent 5+ years of experience in information security in a multinational organization. Solid understanding of information security processes and technologies Practical knowledge of ISO/IEC 27001:2022 standard implementation Excellent documentation and communication skills It would be nice if you also had: Knowledge of security standards like CSA CCM, NIST CSF, NIS2, and SOC2 Experience delivering information security training Familiarity with RSA Archer and Microsoft Power BI or other GRC tools Certifications in information security (e.g., CRISC, CISSP and ISO 27001 LI/LA) Implement and operate the global Information Security Management System (ISMS) to enhance overall security and compliance. Conduct risk assessments with global stakeholders to evaluate and report information security risks. Develop and maintain the information security risk register, tracking mitigation progress and presenting reports to stakeholders. Provide recommendations for security risk mitigation strategies tailored to different business groups. Create, update, and maintain ISMS documentation and a repository of reports and audit records. Facilitate training sessions to educate employees on ISMS practices and promote a strong security culture. Collaborate with cross-functional teams to identify evolving security trends and compliance requirements. Contribute to the continuous improvement of Nokia ISMS and related tools, utilizing KPIs to measure effectiveness.

Hi, We are having an opening for Manager/ Senior Manager-Audit & Compliance Specialist at our Mumbai location. Job Summary : The Audit & Compliance Specialist will support the execution of global IT audit and compliance initiatives under the guidance of the Lead Audit & Compliance Specialist. This role is responsible for evidence coordination, audit documentation, remediation tracking, and regulatory readiness across IT Infrastructure, Cloud, and Service Delivery domains. The role will ensure timely closure of audit observations and continuous improvement of the compliance framework in alignment with SOX, GxP, ISO 27001, and other regulatory standards. Areas Of Responsibility : Key Responsibilities 1. Audit Support & Execution Coordinate with IT domain teams to gather and validate audit evidence. Support walkthroughs, gap analysis, and response preparation for internal and external audits. Track status of remediation actions and support validation exercises. 2. Documentation & Controls Management Maintain audit documentation including SOPs, control checklists, risk registers, and evidence logs. Support creation of compliance dashboards and internal audit scorecards. 3. Compliance Monitoring & Reporting Conduct periodic self-assessments and spot checks. Monitor effectiveness of implemented controls and alert gaps to the lead specialist. 4. Stakeholder Coordination Interface with Infra, Cloud, Service Delivery, Cybersecurity, and Business IT teams for audit preparedness. Support training logistics and documentation for compliance awareness programs. 5. Improvement Initiatives Identify automation opportunities in compliance processes. Support tool-based audit management platforms (e.g., Archer, ServiceNow GRC). 6. Specialized Knowledge Requirements Understanding of IT general controls, SOX, GxP, ISO 27001 Familiarity with ITIL processes (Change, Incident, Problem) Exposure to audit lifecycle, compliance reporting, and evidence collection Knowledge of tools like Excel, SharePoint, ServiceNow GRC preferred Internal Stakeholders and Nature of Interaction Lead Audit & Compliance: Daily coordination, status reviews, remediation validation Infra, Cloud, App & Service Teams: Evidence submission, control reviews, audit walkthroughs PMO & Compliance Team: Coordination on process documentation, control changes, and reporting External Stakeholders and Nature of Interaction Internal/External Auditors: Support during data requests, audit walkthroughs, and clarification rounds Consulting Partners: Coordination during control testing or audit co-sourcing External Interaction % ~2025% with external auditors, partners, and advisors Nature of Communication Formal audit evidence, tracker updates, control summaries, dashboards Clear, structured communication during walkthroughs and audit Q&A Role Played in Negotiations Supports Lead in framing responses or remediation timelines for audit queries Key Decision-Making Expected Recommend evidence sufficiency, escalate control gaps, prioritize documentation readiness Extent and Nature of Innovation Required Moderate: Suggest improvements in evidence workflows, adopt templates for reusability Use dashboards to simplify control visibility and audit traceability Job Requirements Educational Qualification: Masters, Bachelors degree in IT, Computer Science, or related field Certifications: CISA or CRISC (preferred but not mandatory for entry level) ITIL Foundation / GRC platform exposure is a plus Experience: 5-12 years of experience in IT audit, controls, or compliance roles Exposure to pharma or highly regulated industries is desirable Skills: Detail-oriented with good documentation practices Strong Excel/SharePoint skills; familiarity with audit tools Ability to handle multiple tasks and communicate with cross-functional teams

Designation: IT Risk Manager Experience: 2+ Years Location: Navi Mumbai - WFO Roles & Responsibilities : Proficient in VAPT tools for applications and infrastructure (e.g., Burp Suite, OWASP ZAP, Nessus, Nmap, Postman). Strong grasp of OWASP Top 10, API Security best practices, and secure coding principles. Experience in secure configuration reviews for firewalls, servers, endpoints, and API gateways. Familiar with DevSecOps, including integrating security. Understanding of API security frameworks: OAuth 2.0, JWT, API key management, rate limiting. Hands-on with incident response workflows (e.g., Splunk, CrowdStrike). Skilled in writing and maintaining security documentation, including SOPs and incident response plans. Awareness of regulatory standards: RBI Cybersecurity Framework, PCI DSS, NIST. Exposure to risk assessments, security audits, and third-party security evaluations. Ability to collaborate with Dev, Infra, and Compliance teams to ensure secure deployments. Interested can share resume at chandni@thepremierconsultants.com

Roles & Responsibilities : ServiceNow ITM Toolsuite: Assist in the implementation and configuration of ServiceNow IRM modules such as: Policy and Compliance Management, Risk Management, Audit Management Support towards creation of forms, workflows, reports, and dashboards within the IRM suite. Support on unit testing, user training, and documentation preparation. Stay informed on ServiceNow updates, new IRM features, and industry best practices. Regulatory Compliance: Consultancy and Support towards Security and compliance controls with respect to various Bosch/Industry regulations Collaborate with business analysts and senior consultants to gather and document functional and technical requirements. Conduct compliance assessments and provide consultation on security frameworks, including ISO 27001:2022. Engage with stakeholders, including managers, application owners, and technical teams, to assess security controls and document security compliance. Conduct and consult on gap analyses for security policies, controls, and procedures. Provide guidance on security best practices, including penetration testing, vulnerability scanning, encryption, and backup/storage security. Ensure the customer KPIs, quality and deliverables are met Qualifications Educational qualification: Any U.G or P.G degree Experience : Experience in Information Security, IAM and/or GRC suppor

A. Information Security Operations Vulnerability Management Conduct regular vulnerability assessments of all application servers. Ensure timely patching and remediation of identified vulnerabilities. Endpoint Security Maintain compliance of all endpoints with Falcon CrowdStrike antivirus and EDR. Ensure consistent endpoint protection coverage across the organization. Security Incident Response Monitor and respond to alerts from SIEM tools in coordination with Corporate IT. Investigate and resolve security incidents such as malware, phishing, and breaches. Network Security Monitor and secure network traffic using firewalls, IDS/IPS. Configure and maintain secure LAN/WAN, Wi-Fi, and VPN access. Manage Wi-Fi security at plant and corporate office. Tool Deployment & Management Manage deployment and operations of security tools (EDR, DLP, encryption, etc.). Liaise with third-party vendors for security tools and updates. B. Governance, Risk, and Compliance (GRC) Policy & Procedure Management Deploy, maintain, and periodically review IT policies and procedures. Modify policies based on business requirements or corporate IT recommendations. Audit & Documentation Prepare documentation for internal and external IT audits. Support audit processes and provide necessary evidence and responses. Compliance Ensure compliance with applicable standards (ISO 27001, GDPR, SOC 2, etc.). Conduct internal compliance checks and assist external auditors. Risk Management Perform periodic IT risk assessments. Identify security risks and recommend mitigation strategies to IT leadership. C. Identity & Access Management User Lifecycle Management Handle user provisioning and de-provisioning in systems and applications. Implement and monitor role-based access control and MFA. Access Audits Periodically review user access rights. Address access anomalies and unauthorized permissions. D. Security Awareness and Training Training & Awareness Conduct cybersecurity awareness sessions for all employees. Develop and distribute best practice guides and security communications.

Information Security Specialist Role ServiceNow Information Security Specialist Total Yrs. of Experience 8-12 Years Relevant Yrs. of experience 8 Years Detailed JD (Roles and Responsibilities) IT risk and compliance lead/information security specialist (new addition) An individual or group that makes sure the organizations security protocols and best practices are followed within the platform Responsible for making sure platform administrator is up to speed on organizations overall security governance process Confirms the technical design and integration requirements with various systems to support processes that require data exchange Reviews and communicates feedback on all the mandatory deliverables from a risk and compliance perspective. Helps to inform decisions regarding necessary credentials and permissions Provides input to the data transfer process from security compliance requirements Ensures the instance is secure and hardened as needed (domain separation, Edge Encryption, etc.) Creates and enforces security standards throughout the platform Protects resources in the platform with tools like ACLs Audits security logs of the platform Lead the security incident and interface with auditors during audit Interface with auditors during audit Mandatory skills ServiceNow , IT Risk and Compliance Desired/ Secondary skills Audit, Governance Domain Information Security Work Location given in ECMS ID Pune (any offshore location works) Location- PAN India Yrs of Exp-8Yrs

Job Summary The Sr. Analyst, Info Sec is responsible for overseeing and managing multiple risks, audits, and controls within the Information Technology Domain. This person is expected to be a strategic partner to control owners, second line of defense, and privacy leaders. The position reports to the Manager, Information Security and works closely with other Information Security Domain Champions. Essential Job Functions Audit coordination and evidence collection Facilitate the collection of evidence for various audit and control activities such as PCIDSS, NIST CSF, GLBA 501-B, Sarbanes Oxley, etc. Review evidence for appropriateness and adequacy. Track and report on all evidence requests to ensure request deadlines are met. Coordinate and facilitate audit and/or control interviews as well as necessary follow up meetings between control owners and internal/external auditors. Publish meeting minutes and track action items to completion. Utilizes planning and organization tools to develop project/action plans. Meets deliverable deadlines as directed. Payment Card Industry (PCI) Annual Audit - Possess in-depth knowledge of the PCI-DSS. Test PCI controls and work with control owners to resolve control design or operating effectiveness issues ahead of and during annual Company PCI Audit. Partner with external Qualified Security Assessor (QSA) to reduce scope and control testing where possible. Use knowledge of General IT Computing Controls and Cyber Security Tools to create PCI Compensating Control Matrices when required. Control Coaching, Consulting, and Collaboration Partner with IT Control Owners to identify, resolve, mitigate, or compensate for control failures identified through risk assessments, internal/external audits, or cyber security tools and processes. Develop proactive risk and control assessment strategies to stay ahead of emerging risks and regulatory requirements. Collaborate with the IT Risk Second Line of Defense and Privacy Partners when formulating strategies to maximize coverage and work paper reuse. General Information Technology - Foundational to intermediate knowledge of IT tools and practices including, but not limited to: Networking, LDAP Directories, Vulnerability/Patch Management, Change Management, Incident Management, Server and Desktop Management, Mainframe Technologies, Encryption and Key Management, Cloud Architecture and Computing, Software Application General Computing Controls, Business Continuity/Disaster Recovery, Software Development Lifecycle, Access Management, and Cyber Security Tooling. Metrics and Presentation Skills Ability to produce meaningful and actionable metrics through data analysis. Conduct data analysis exercises using Excel Pivot Tables, Microsoft Access Queries, and other data driven analysis tools. Produces presentations at various levels of abstraction dependent on intended audience using Microsoft Power Point, Microsoft Visio, or equivalent tools. Intermediate to expert English writing skills expected. Human Relations Ability to diffuse problematic situations and manage through conflict resolution. Utilizes soft skills such as: Selective Agreement, Reflective Listening, Voice Inflection, and Empathy. Ability to take complex concepts and break down into laymen s terms or analogies that help with other s understanding. Viewed as an enabling partner that provides options or information when saying no to business or IT requests. Seen by leadership and peers as creditable, trustworthy and respectful. Utilizes subject matter expertise to guide and coach less experienced team members. Reports to: Manager, IT Security Admin/Lead Working Conditions/ Physical Requirements: Normal office environment. As the need of the business continue to evolve, this role may be asked to work an on-call rotation to include evenings or weekends. Direct Reports: None Work Shift Required : Normal Office Work Timings: 11am to 8pm IST or 1pm to 10pm IST / Flexible to work in shifts as needed Minimum Qualifications: Bachelors Degree Six or more years in Risk Management, Audit, Compliance, Information Technology Preferred Experience: Graduate or Post Graduate in Computer Science, Networking or Information Technology Certifications: One or more relevant professional technical certifications (examples: CISSP, CISA, CISM, OR Security+) Other Duties This job description is illustrative of the types of duties typically performed by this job. It is not intended to be an exhaustive listing of each and every essential function of the job. Because job content may change from time to time, the Company reserves the right to add and/or delete essential functions from this job at any time. About Bread Financial At Bread Financial, you ll have the opportunity to grow your career, give back to your community, and be part of our award-winning culture. We ve been consistently recognized as a best place to work nationally and in many markets and we re proud to promote an environment where you feel appreciated, accepted, valued, and fulfilled both personally and professionally. Bread Financial supports the overall wellness of our associates with a diverse suite of benefits and offers boundless opportunities for career development and non-traditional career progression. Bread Financial (NYSE: BFH) is a tech-forward financial services company that provides simple, personalized payment, lending, and saving solutions to millions of U.S consumers. Our payment solutions, including Bread Financial general purpose credit cards and savings products, empower our customers and their passions for a better life. Additionally, we deliver growth for some of the most recognized brands in travel & entertainment, health & beauty, jewelry and specialty apparel through our private label and co-brand credit cards and pay-over-time products providing choice and value to our shared customers. To learn more about Bread Financial, our global associates and our sustainability commitments, visit breadfinancial.com or follow us on Instagram and LinkedIn . All job offers are contingent upon successful completion of credit and background checks. Bread Financial is an Equal Opportunity Employer. Job Family: Information Technology Job Type: Regular

Key Responsibilities Perform and review design and operating effectiveness testing procedures on internal controls over Cyber Security and Information Technology across variousareas such as Identity and Access Management, Backups, Incident, Change Continuity Management etc. Document your testing procedures and present findings to the relevant stakeholders Support ICARs central team on planning, execution and reporting of ICAR assurance cycles Provide support and mentoring to other ICAR team members Develop and maintain automated control testing solutions leveraging on data analytics Engage with various stakeholders across the business representing the ICAR team Required Skills 10+ years of work experience in IT assurance functions (internal / external auditing, control testing, risk management)and/or practical experience in the field of IT and Cyber Security Good understanding of IT risk and control frameworks and the underlying technologies, concepts, and processes Strong knowledge of SQL and relational databases and proficiency in programming languages such as Python or R. Knowledge of data analytics and visualization applications (e.g., Palantir Foundry, Tableau) is preferred University degree in related field, qualified or working towards a CISA, CISM, CISSP, CSX-P, CIA or CRISC professional certification is a plus Knowledge of Cloud Security and DevSecOps practices will be considered advantageous Critical thinker that sees the "big picture" (e.g. overall themes, trends, goals) Result oriented individual with agile mindset and ability to work independently, able to plan well, work in the field and able to deliver results in time Good communicator, able to gain and maintain trust while delivering difficult messages Team worker, able to listen to others but also influence Fluent in English, written and spoken