297 It Risk Jobs - Page 2

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

3.0 - 5.0 years

14 - 19 Lacs

noida

Work from Office

Key responsibilities: Understand client's challenges and industry related issues and offer solutions in the areas of IT Risk. Participate in go to market, create proposals and respond to RFPs, client orals etc. Identify opportunities for cross-selling to current clients/introduce colleagues from other service lines. Travel to client locations (India and abroad) for meetings, conduct workshops, knowledge sharing sessions etc. for existing and new clients. Jointly lead global account relationships along with onshore, manage engagement deliveries, quality and drive the growth agenda on accounts. Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Manage a team of Seniors and Staffs (across geographies) for delivery of engagements across clients. Foster an innovative and inclusive team-oriented work environment. Play an active role in counselling and mentoring junior consultants within the firm. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Assist with cultivating and managing business development opportunities. Understand EY and its service lines and actively assess/present ways to serve clients.
Skills and attributes for success: You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have: A bachelor's or master's degree and approximately 3-5 years of related work experience. Deep understanding of SAP business processes (e.g., purchase-to-pay, record-to-report, order-to-cash). SAP ECC/S4 Experience. Experience in Internal controls within SAP ECC/S4 Applications and their integrations and strong understanding of IT application controls, IT general controls and interface controls. Build or design security around SAP ECC, APO, BW, GRC, HANA, BOBJ, BPC, S/4 & FIORI AND/OR Strong understanding of Segregation of Duties and User provisioning, experience implementing and supporting SAP GRC - Access Risk Analysis (ARA) and Emergency Access Management (EAM) modules AND/OR Experience implementing and supporting multiple SAP ECC, S/4 implementations in a Functional role. Have an understanding of configurations, and set ups, and security architecture. Excellent communication, documentation and report writing skills. Excellent leadership and teaming skills, with ability to train, coach and mentor. A willingness to travel (India and abroad) for client needs. Professionals with SAP certification preferred, Good to have additional Industry related certification such as CISA, CISM etc.

Posted 1 week ago

3.0 - 7.0 years

30 - 35 Lacs

bengaluru

Work from Office

Program Manager About Us Capco, a Wipro company, is a global technology and management consulting firm. Awarded with Consultancy of the year in the British Bank Award and has been ranked Top 100 Best Companies for Women in India 2022 by Avtar & Seramount . With our presence across 32 cities across globe, we support 100+ clients across banking, financial and Energy sectors. We are recognized for our deep transformation execution and delivery. WHY JOIN CAPCO You will work on engaging projects with the largest international and local banks, insurance companies, payment service providers and other key players in the industry. The projects that will transform the financial services industry. MAKE AN IMPACT Innovative thinking, delivery excellence and thought leadership to help our clients transform their business. Together with our clients and industry partners, we deliver disruptive work that is changing energy and financial services. #BEYOURSELFATWORK Capco has a tolerant, open culture that values diversity, inclusivity, and creativity. CAREER ADVANCEMENT With no forced hierarchy at Capco, everyone has the opportunity to grow as we grow, taking their career into their own hands. DIVERSITY & INCLUSION We believe that diversity of people and perspective gives us a competitive advantage. MAKE AN IMPACT Role Description GDPR experience and specifically on Data Deletion / Retention - Insurance or Banking experience is mandatory.**** Role Purpose The role creates business value through efficient and effective planning and delivery of change within a programme or across an IT function. Key accountabilities include: Shaping/executing change strategy Owning a programme of change Driving change delivery Managing value Executing effective governance Accountabilities Nature of Work Shaping/executing change strategy Support CIO and/or Programme Change Leads in building and delivering their transformation agenda. 
Execute a significant element of a transformation strategy owned and defined by senior leaders Shape the strategy working with key stakeholders across IT and the relevant business areas o Maintain clear line of sight between the delivery of projects/initiatives and the strategic outcomes that have been set Support business transformation and on-boarding of new business/initiatives Drive and deliver innovation, automation and new ways of working Owning a programme of change Construct and organise a programme to deliver projects/initiatives Manage the planning, prioritisation and scheduling of projects and deliverables aligned to business plans and requirements o Accountable for the cadence and do-ability of change Align programme reporting to the mandatory and regulatory reporting agenda, monthly, quarterly, annual submissions, etc. Identify and manage dependencies and stakeholders Deliver change effectively and efficiently o Drive delivery of projects/initiatives to time, quality and cost o Use best practice in project management o Develop individual change business cases o Manage resourcing of projects o Build team delivery capability including agile and project teams to deliver end-to-end change o Identify and manage delivery, technical and commercial risks o Maintaining effective and efficient risk management and internal control systems, in line with agreed risk appetite, where necessary directing action plans to rectify issues o Manage safe implementation into production and/or successful transition Managing value o Own the line of sight cost base for the change agenda in scope and help secure business buy-in to initiatives that help simplify the estate and reduce cost. o Deliver to budget. Manage and track programme/change technology change budget and spend. o Deliver against cost targets and simplification aspirations within agreed service and risk appetite. 
o Demonstrate most effective use of money and drive ongoing cost reduction o May be accountable for negotiating and managing 3rd party contracts and managing tenders and RFPs Execute effective governance o Provide oversight, management and governance of the programme/change agenda o Agree accountabilities of the role in relation to wider programmes, wider change initiatives, business sponsors o Utilise PMO best practice o Work with the architecture community to guarantee GAB approval is met. o Represent the programme/change agenda at governance fora Job specific aspects of the role Roles managing the agenda of change in UKI CIO, Corporate Functions CIO and Digital CIO Programme roles (including J2, Y , SIP and GFF in 2018) o GIO roles driving strategy, infrastructure operating model and future change, sourcing strategy, networks and workplace transformation Risks & Controls Identify, own and manage the specific key risks and/or IT controls and BP standards that you are identified as the owner and/or nominee for on iCARE or Archer o Ensure that issues and actions associated to controls / risks are remediated in a timely manner Maintain appropriate records on iCARE or Archer o Ensure that controls are sufficiently well designed and operating effectively to keep the risks that they mitigate within tolerance level o Report and escalate the status of the relevant risks, controls and standards as appropriate Resource Complexity Manages a team of direct reports (e.g. 
PMs and BAs) Coordinates/task manages resources drawn from across IT within projects, which may be on multiple sites Accountable for people management decisions including recruitment, setting objectives, performance management, recommending reward and/or bonus Leaders are accountable for developing the capability of their team and their people and for driving the culture of the organisation Accountable for agreeing an annual plan and decisions required to deliver an annual programme or change budget Problem Solving Problem solving may require information gathering, analysis, consideration of options and drawing conclusions on a case-by-case basis. Guidelines and policy can help but at the heart of the role is the exercise of judgment based on professional training and/or experience Measure and demonstrate that lessons are learned on issues and repeat incidents are not experienced. Know when to escalate and drive resolution to guarantee timely customer expectations Change The essence of the role is the coordination, management and delivery of change across an area of IT or the business The role is accountable for change decisions that secure delivery including: project team formation, changes to the structures and working patterns of teams, changes to the application of the approved budget Internal Collaboration Collaborate with other change roles and with providers of temporary project resource Build effective working relationships and influence all key programme stakeholders and sponsors External Interaction Build effective working relationships with suppliers, negotiate within budget and contract constraints to make best use of services provided into Seek exposure to third parties in and other industries to share learning; attend key industry events and forums Capabilities Previous experience. Led teams with positive feedback. Proven experience managing multiple interrelated run and change budgets. Supplier management negotiation experience. 
Working with senior stakeholders to deliver timely and accurate reporting Led IT risk and / or control strategies 3+ years previous experience managing complex deliveries Known for high degrees Agility (Foresight, Learning, Adaptability, and Resilience), Mobilization (Putting customer first, shaping strategy, Inspiring & Influencing), Execution (Building talent and teams, driving for results), Transformation (Leading innovation and seeking to disrupt/challenge) Experience working through differing methodologies, including Dev Ops, Agile and Waterfall Approach. Driving new modern software development techniques A framework for capabilities and skills across IT to further support development and career pathways is being developed in 2018

Posted 1 week ago

3.0 - 6.0 years

5 - 9 Lacs

bengaluru

Work from Office

Shift: UK Shift Experience: 3-6 years in information security, IT risk, audit, or compliance roles The Information Security Risk Analyst plays a critical role in identifying, evaluating, and mitigating risks that threaten the confidentiality, integrity, and availability of CGI information systems and data. This individual will contribute to the development of a mature risk management program that aligns with business goals, assurance requirements, and industry best practices. Working cross-functionally with IT, business stakeholders, compliance, legal, and external partners, the analyst will assess risks associated with new technologies, digital transformation efforts, regulatory changes, and evolving threat landscapes. This role ensures that security risk decisions are data-driven and documented, and that mitigation strategies are prioritized based on business impact and likelihood. Your future duties and responsibilities: Risk Identification & Assessment Conducting security related risk assessments within the organizational guidelines of Enterprise Risk Management. Perform in-depth risk assessments for internal systems, cloud services, third-party vendors, and emerging technologies. Conduct business impact analyses to evaluate the consequences of security incidents and define criticality levels for systems and data. Utilize industry-standard frameworks (NIST RMF, ISO 27005, FAIR, etc.) to quantify and communicate risk posture. Analyze threat intelligence feeds and integrate them into risk models to better anticipate and respond to future risks. Risk Mitigation & Treatment Planning Develop and maintain a formal risk register that tracks identified risks, treatment plans, and residual risk. Collaborate with asset owners and IT teams to recommend and validate risk mitigation measures. Support decision-making by preparing cost-benefit analyses of remediation strategies vs. accepted risk. 
Policy, Compliance/Assurance & Governance Support Ensure that internal policies and procedures reflect risk tolerance and evolving legal/regulatory obligations (e.g., GDPR, HIPAA, SOX, PCI DSS). Assist in conducting gap analyses against compliance standards and frameworks. Partner with audit teams to ensure security risks are tracked through issue management lifecycles. Third-Party & Vendor Risk Management Conduct due diligence on vendors and partners during onboarding and periodically thereafter. Leverage security questionnaires, SOC 2/ISO 27001 reports, and penetration test results to validate vendor risk posture. Track and report third-party risks and collaborate on vendor exit and contingency planning. Reporting & Metrics Create risk dashboards and executive-level reports showing trends, key risk indicators (KRIs), and remediation progress. Present findings to stakeholders, boards, or governance committees, translating technical risk into business context. Use GRC tools to automate risk scoring, control tracking, and evidence collection. Awareness & Training Collaborate with security awareness teams to align training programs with risk findings and trends. Educate internal stakeholders on security risk management practices, control expectations, and emerging threats. Required qualifications to be successful in this role: Education & Credentials Bachelor's degree in Information Security, Cybersecurity, Computer Science, Risk Management, or related field. Preferred certifications: - CRISC (Certified in Risk and Information Systems Control) - CISSP (Certified Information Systems Security Professional) - CISM (Certified Information Security Manager) - CISA (Certified Information Systems Auditor) Professional Experience 3-6 years in information security, IT risk, audit, or compliance roles. Proven experience conducting risk assessments and applying controls across complex technical environments (on-prem, cloud, hybrid). 
Exposure to security tools and platforms such as: - GRC suites (e.g., Archer, ServiceNow GRC, LogicManager) - SIEMs (e.g., Splunk, QRadar) - Vulnerability scanners (e.g., Qualys, Tenable) - Identity & Access Management platforms (e.g., Okta, Azure AD) Success Criteria & Soft Skills Analytical Thinking: Able to balance qualitative and quantitative risk approaches; excels in root cause analysis. Communication: Can convey risk issues in plain language to technical and non-technical audiences. Collaboration: Effectively builds relationships with cross-functional stakeholders. Adaptability: Thrives in a fast-paced, evolving regulatory and threat landscape. Integrity: Maintains impartiality and protects sensitive information with discretion. Optional/Preferred Experience Familiarity with: Data privacy laws and data protection impact assessments (DPIAs) Cloud security (e.g., AWS Well-Architected Framework, Azure security benchmarks) Emerging Technologies (Artificial Intelligence, Quantum Computing, etc.) Hands-on experience with quantitative risk analysis methodologies (e.g., FAIR)

Posted 1 week ago

3.0 - 5.0 years

6 - 10 Lacs

bengaluru

Work from Office

Should have good experience in SOX consulting, process and frameworks, User Access Review - Should be conversant with GRC practices, audits and compliance - Should have excellent communication skills, both verbal and written

Posted 1 week ago

5.0 - 9.0 years

0 Lacs

hyderabad, telangana

On-site

Join our team at JPMorgan Chase, a global leader in the financial industry, as a Lead Cybersecurity Architect within the Cybersecurity & Tech Controls Team. In this role, you will play a crucial part in developing top-notch cybersecurity solutions for various software applications on modern cloud-based technologies. Your responsibilities include identifying, creating, and communicating risk, mitigation options, and solutions across multiple technical areas within various business functions to support project goals effectively. You will be responsible for fostering a security-focused culture across product, technology, and business teams to prioritize sustainable controls and achieve significant risk reduction. By integrating threat modeling, secure architecture, and code review into agile development, you will ensure secure product delivery. It is essential to gain a deep understanding of the product, its strategy, roadmap, and key investments, and identify unfamiliar technologies and business concepts to uncover hidden issues and enhance the product's cyber risk posture. As a security thought leader, you will share best practices with product and cybersecurity teams, becoming the go-to expert for IT Risk and Cyber domains within your product. In case of emerging issues, you will act swiftly by monitoring Key Risk Indicators, ensuring timely identification, communication, and resolution of issues, and determining root causes. Collaboration with colleagues across the product's supply chain, audits, regulatory engagements, risk activities, and Third-Party Oversight teams to manage technology risks, especially in cloud computing and emerging technologies, will be crucial. 
Qualifications and skills required for this role include formal training or certification in cybersecurity concepts, a minimum of 5 years of applied experience, advanced knowledge of cybersecurity architecture and technical processes, expertise in public cloud, AI, machine learning, or mobile technologies, and the ability to manage multiple projects under pressure. You should also possess strong skills in developing and analyzing business and technical requirements, evaluating and recommending technologies, understanding agile methodologies, and effectively communicating with senior business leaders. Preferred qualifications include certifications in Cybersecurity, Cloud, Infrastructure, or Product, familiarity with risk management frameworks, industry standards, financial industry regulatory requirements, knowledge of the financial services industry and their IT systems, and expertise in data security, risk assessment & reporting, control evaluation, design, and governance with a proven record of implementing effective risk mitigation strategies.

Posted 1 week ago

1.0 - 2.0 years

0 - 0 Lacs

pune

Work from Office

Responsibilities: * Conduct IT audits according to SOX compliance requirements * Ensure ITGC adherence through testing and reporting * Identify IT risks and develop mitigation strategies Health insurance Annual bonus Provident fund

Posted 1 week ago

1.0 - 2.0 years

3 - 4 Lacs

hyderabad

Work from Office

Challenging. Meaningful. Life-changing. Those aren't words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it. You'll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams. Take your career farther than you thought possible. Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives. Read more: careers.bms.com/working-with-us. If you're seeking a meaningful and dynamic career with a diverse and passionate team, we encourage you to explore opportunities with us! Key Responsibilities The Risk Analyst I, IT Risk Operations will work in a team environment to plan and execute dynamic cyber, privacy and third-party risk assessments and identify value-added recommendations to strengthen Company processes and controls. Work collaboratively with Business, IT and Cybersecurity teams to execute risk assessments covering technical, organizational, and privacy controls. Participate in planning activities to identify significant risks and design appropriate risk-based assessment procedures for processes, systems, infrastructure, and cloud environments based on regulations, business criticality and cyber threat landscape. Lead meetings involving various levels of management to effectively communicate assessment status and recommendations, manage relationships, and help build partnership. 
Prepare assessment documentation to ensure they are clear, concise, high quality, and include details to support the conclusion of effectiveness of the implemented controls. Prepare assessment summaries and clearly written, concise control attestations that effectively communicate any identified issues and their related value add corrective actions. Collaborate within the team or outside the team when working on broader or complex topics in understanding environment. Qualifications & Experience 1 to 2 years of prior Cybersecurity/ Risk management / IT audit and/or IT related experience (e.g., Business Analysis, Project Management, Operations, Privacy and Compliance). Familiarity of the NIST Cyber Risk Management Framework and NIST 800-53 controls library. Familiarity with various data privacy regulations around the world. Experience in assessing system pre/post implementations, cybersecurity, data privacy, digital transformation, and other emerging technologies. Experience with a GRC tool. Identifies key influencers and builds a network of internal/external relationships. Persuades and negotiates effectively with peers and customers on own work outcomes. Identifies opportunities to improve and grow, balancing performance feedback and career development. Applies a continuous improvement mindset in enhancing efficiency, quality and effectiveness or their work outputs. Displays understanding of performance metrics for driving the team's goals and questions the external environment and its implication on the goals and strategies. Able to review multiple factors of data and can effectively organize information to compare and assess short and long-term implications. Can create a well-developed recommendation and sound actions.

Posted 1 week ago

3.0 - 7.0 years

5 - 9 Lacs

bengaluru

Work from Office

Every career journey is personal. That's why we empower you with the tools and support to create your own success story. Be challenged. Be heard. Be valued. Be you ... be here. Job Summary The Sr. Analyst, Info Sec is responsible for overseeing and managing multiple risks, audits, and controls within the Information Technology Domain. This person is expected to be a strategic partner to control owners, second line of defense, and privacy leaders. The position reports to the Manager, Information Security and works closely with other Information Security Domain Champions. Essential Job Functions Audit coordination and evidence collection Facilitate the collection of evidence for various audit and control activities such as PCIDSS, NIST CSF, GLBA 501-B, Sarbanes Oxley, etc. Review evidence for appropriateness and adequacy. Track and report on all evidence requests to ensure request deadlines are met. Coordinate and facilitate audit and/or control interviews as well as necessary follow up meetings between control owners and internal/external auditors. Publish meeting minutes and track action items to completion. Utilizes planning and organization tools to develop project/action plans. Meets deliverable deadlines as directed. Payment Card Industry (PCI) Annual Audit - Possess in-depth knowledge of the PCI-DSS. Test PCI controls and work with control owners to resolve control design or operating effectiveness issues ahead of and during annual Company PCI Audit. Partner with external Qualified Security Assessor (QSA) to reduce scope and control testing where possible. Use knowledge of General IT Computing Controls and Cyber Security Tools to create PCI Compensating Control Matrices when required. Control Coaching, Consulting, and Collaboration Partner with IT Control Owners to identify, resolve, mitigate, or compensate for control failures identified through risk assessments, internal/external audits, or cyber security tools and processes. 
Develop proactive risk and control assessment strategies to stay ahead of emerging risks and regulatory requirements. Collaborate with the IT Risk Second Line of Defense and Privacy Partners when formulating strategies to maximize coverage and work paper reuse. General Information Technology - Foundational to intermediate knowledge of IT tools and practices including, but not limited to: Networking, LDAP Directories, Vulnerability/Patch Management, Change Management, Incident Management, Server and Desktop Management, Mainframe Technologies, Encryption and Key Management, Cloud Architecture and Computing, Software Application General Computing Controls, Business Continuity/Disaster Recovery, Software Development Lifecycle, Access Management, and Cyber Security Tooling. Metrics and Presentation Skills Ability to produce meaningful and actionable metrics through data analysis. Conduct data analysis exercises using Excel Pivot Tables, Microsoft Access Queries, and other data driven analysis tools. Produces presentations at various levels of abstraction dependent on intended audience using Microsoft Power Point, Microsoft Visio, or equivalent tools. Intermediate to expert English writing skills expected. Human Relations Ability to diffuse problematic situations and manage through conflict resolution. Utilizes soft skills such as: Selective Agreement, Reflective Listening, Voice Inflection, and Empathy. Ability to take complex concepts and break down into laymen's terms or analogies that help with others' understanding. Viewed as an enabling partner that provides options or information when saying no to business or IT requests. Seen by leadership and peers as creditable, trustworthy and respectful. Utilizes subject matter expertise to guide and coach less experienced team members. Reports to: Manager, IT Security Admin/Lead Working Conditions/ Physical Requirements: Normal office environment. 
As the needs of the business continue to evolve, this role may be asked to work an on-call rotation to include evenings or weekends. Direct Reports: None Work Shift Required : Normal Office Work Timings: 11am to 8pm IST or 1pm to 10pm IST / Flexible to work in shifts as needed Minimum Qualifications: Bachelor's Degree Six or more years in Risk Management, Audit, Compliance, Information Technology Preferred Experience: Graduate or Post Graduate in Computer Science, Networking or Information Technology Certifications: One or more relevant professional technical certifications (examples: CISSP, CISA, CISM, OR Security+) Other Duties This job description is illustrative of the types of duties typically performed by this job. It is not intended to be an exhaustive listing of each and every essential function of the job. Because job content may change from time to time, the Company reserves the right to add and/or delete essential functions from this job at any time. About Bread Financial At Bread Financial, you'll have the opportunity to grow your career, give back to your community, and be part of our award-winning culture. We've been consistently recognized as a best place to work nationally and in many markets and we're proud to promote an environment where you feel appreciated, accepted, valued, and fulfilled both personally and professionally. Bread Financial supports the overall wellness of our associates with a diverse suite of benefits and offers boundless opportunities for career development and non-traditional career progression. Bread Financial (NYSE: BFH) is a tech-forward financial services company that provides simple, personalized payment, lending, and saving solutions to millions of U.S. consumers. Our payment solutions, including Bread Financial general purpose credit cards and savings products, empower our customers and their passions for a better life. 
Additionally, we deliver growth for some of the most recognized brands in travel & entertainment, health & beauty, jewelry and specialty apparel through our private label and co-brand credit cards and pay-over-time products providing choice and value to our shared customers. To learn more about Bread Financial, our global associates and our sustainability commitments, visit breadfinancial.com or follow us on Instagram and LinkedIn. All job offers are contingent upon successful completion of credit and background checks. Bread Financial is an Equal Opportunity Employer. Job Family: Information Technology Job Type: Regular

Posted 1 week ago

3.0 - 7.0 years

5 - 9 Lacs

bengaluru

Work from Office

Location: Bangalore or Hyderabad Senior Digital Risk Advisor Join a team of digital risk governance and controls professionals helping Swiss Re to fulfil its mission in making the world more resilient. As a Senior Digital Risk Advisor, you will be responsible for the first-line digital & technology operations risk and control activities ensuring risks are identified, controls applied, and performance is monitored, measured, and reported to our technology and business leaders. About the team The Digital Risk Governance & Controls team is a key part of Swiss Re's Security Team, focused on defining and managing risks related to digital topics. We're looking for an experienced and highly motivated expert who will help to drive the company's risk culture. In your role, you will Be part of a team of digital risk experts supporting Applications and Business stakeholders with applying digital risk governance principles and standards Actively contribute to the implementation of the digital risk framework as the trusted digital risk partner Ensure IT threats and risks are understood, issues are handled timely, and that IT controls are designed and operating effectively Embed controls into operational procedures by collaborating with our digital & technology teams to automate, measure performance, and continuously improve our risk position Build operational transparency with continuous monitoring and assessment of controls so that we meet our risk appetite and drive corrective actions where needed Be someone who believes in continuous innovation, is curious and adamant in finding a better way every day Your qualifications A track record of successful delivery in IT risk and control-related roles, such as IT Governance, IT audit, or digital risk management Industry knowledge of insurance, reinsurance or banking business, and modern technology solutions General understanding of Risk Management Frameworks such as COBIT, ISO 31000 and COSO ERM CISA, CGEIT, CRISC or similar 
qualifications are an advantage Good teamwork and strong collaboration as well as a willingness to share knowledge and evolve within the team and across teams Capability to continuously build and maintain a strong collaborative network within the IT domains The ability to effectively communicate with a broad spectrum of stakeholders from senior managers to IT engineers, developers and operations staff Be curious, proactive, result-oriented and confident in decision-making at speed Passion, drive and a belief in the value of digital risk management as an enabler of business performance Fluency in spoken and written English About Swiss Re If you are an experienced professional returning to the workforce after a career break, we encourage you to apply for open positions that match your skills and experience. Keywords: Reference Code: 134242

Posted 1 week ago


2.0 - 7.0 years

0 Lacs

karnataka

On-site

At EY, you will have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of yourself. And EY is counting on your unique voice and perspective to help them become even better. Join EY and build an exceptional experience for yourself, contributing to creating a better working world for all. As part of the EY- Technology Risk team, you will contribute technically to IT Risk and Assurance client engagements and internal projects. You will actively establish, maintain, and strengthen internal and external relationships. Identifying potential business opportunities for Ernst & Young within existing engagements and escalating them as appropriate will be a crucial part of your role. Additionally, you will anticipate and identify risks within engagements and share any issues with senior members of the team. We are looking for an Analyst to join the leadership group of our EY-Technology Risk Team. This is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your key responsibilities will include evaluating a portfolio of controls for design effectiveness, operating effectiveness, and/or risk management outcomes. You will ensure that assigned control assessments are accurate, effective, abide by policy, procedures, and templates, and meet quality control requirements, delivering them on time according to the assessment plan. Testing and supervising the delivery of assigned controls will involve various areas such as ITGC, ITAC, System Architecture, Operating Systems, Databases, Networks, Security Systems, Cloud Services, Asset Inventories, Incident Management, Recovery Management, ISO27001 & NIST assessment, Privacy Assessment, Cyber Maturity Assessment, IT Policies and Standards Assessment, and Software Development Lifecycle (SDLC). 
Managing control owners and stakeholders, applying judgment and risk management concepts to identify findings, provide valuable insights to clients, reviewing IT Policies and Standards, working closely with cross-functional teams, and staying current with regulatory standards and industry best practices are all key aspects of the role. Skills and attributes for success include providing guidance, sharing knowledge, conducting information security assessments, maintaining client relationships, demonstrating a thorough understanding of complex information systems, utilizing extensive knowledge of the client's business/industry, and demonstrating excellent project management skills. To qualify for this role, you must be a Graduate (CS/ IT, Electronics, Electronics & Telecommunications)/MBA/M.Sc. with at least 2-7 years of experience. Your significant experience in applying relevant technical knowledge in engagements such as ISO assessments, NIST assessments, Data privacy audits, Network and Infrastructure audits, Cyber Maturity Assessment, IT Policies and Standards Assessment, IAM and IT Asset Management, and IT Health Check is required. Ideally, you will also have a robust understanding of program and project management practices and familiarity with a typical IT systems development life cycle. EY offers support, coaching, feedback, opportunities for skills development and career progression, as well as freedom and flexibility in handling your role. Working at EY provides opportunities to work with inspiring and meaningful projects, with a focus on education, coaching, and personal development within an interdisciplinary environment that emphasizes high quality and knowledge exchange. EY exists to build a better working world, creating long-term value for clients, people, and society, and building trust in the capital markets. 
Across assurance, consulting, law, strategy, tax, and transactions, EY teams in over 150 countries provide trust through assurance, help clients grow, transform, and operate, by asking better questions to find new answers for the complex issues facing our world today.

Posted 1 week ago


3.0 - 6.0 years

8 - 11 Lacs

vijayawada

Work from Office

Junior Auditor: B.E./B.Tech/MCA/MBA. Certifications: ISO27001 LA, CISM, CEH, ECSA, CCNA, MCITP, VCP, CSA STAR, ITIL, ISO 20000. 3 yrs exp in IT systems/data centre audit, SLA monitoring, FAT/PAT audits, and SWAN/SDC/e-Gov projects.

Posted 1 week ago


8.0 - 13.0 years

13 - 16 Lacs

vijayawada

Work from Office

Sr. Data Center Auditor Certification: Any 2 from ISO27001 LA/CISA/CISM/CISSP, PMP/Prince2, ITIL/ISO 20000 or relevant ITSM/IT Governance certs. JD: Experience in SWAN/SDC/e-Gov PM plus design/monitoring of WAN/Data Centre projects is a plus.

Posted 1 week ago


15.0 - 20.0 years

25 - 30 Lacs

hyderabad

Work from Office

Support and oversee comprehensive technology audits, including assessments of IT General controls across the environment. Collaborate with external auditors to coordinate and support annual technology audits, ensuring audit requirements and timelines are met. Coordinate periodic SOX testing to demonstrate effectiveness of IT General Controls for all in-scope systems. Identify, assess, and prioritize technology-related risks across the organization, with a focus on cybersecurity, data protection, and operational resilience. Review and evaluate the design and effectiveness of IT General Controls, recommending improvements as necessary. Ensure IT processes, systems, and controls align with regulatory requirements (e.g., SOX, GDPR, DORA) and industry standards (e.g., ISO 27001, NIST). Support compliance teams in responding to internal and external audits and inquiries regarding IT systems and data management practices. Partner with IT, security, and compliance teams to provide insights on risk mitigation strategies, control enhancements and findings remediation. Communicate audit findings and recommendations to senior management and key stakeholders, helping to shape a culture of continuous improvement and risk awareness. Oversee the preparation of audit reports, including executive summaries, findings, and actionable recommendations for improvement. Monitor industry trends, regulatory changes, and emerging risks to refine and enhance audit methodologies and best practices. Implement automated audit tools and data analytics to improve audit efficiency, coverage, and accuracy. Excellent communication and interpersonal skills, with the ability to collaborate effectively across functions and levels.

Posted 1 week ago


5.0 - 10.0 years

0 Lacs

maharashtra

On-site

As the Manager - Data Protection at our organization, you will play a crucial role in overseeing the data protection and privacy management functions. Based in Mumbai, you will report to the Head Compliance MS India and be responsible for ensuring compliance with the DPDP Act, 2023. Knowledge or exposure to GDPR will be an added advantage. Your primary responsibilities will include developing policies, procedures, and checklists related to data protection and privacy. You will monitor compliance with various data protection regulations at an enterprise level and provide guidance to the security organization on data protection matters. Additionally, you will review business arrangements and internal processes to ensure compliance with data privacy and protection standards. To excel in this role, you should hold a Bachelor's or Master's degree in IT, IT Security, Engineering, or a related field. Possessing a security certificate such as CISA, CISM, CRISC, CISSP, or CIPP would be beneficial. With a minimum of 5-10 years of experience in information security, security risk management, or cyber security, you should have a strong understanding of security frameworks like ISO27001 and PCI. We are looking for a results-driven individual with excellent analytical skills and attention to detail. Strong communication and presentation abilities in English, both verbal and written, are essential. A multicultural mindset, flexibility to work in an international environment, and a persistent attitude are qualities we value in our team members. In return, we offer a competitive salary, 25 days of annual leave, private medical insurance, an attractive pension scheme, and a flexible benefits scheme. We are committed to your professional development and have comprehensive training programs in place to support your career growth. 
At Worldline, we recognize that our success is driven by the talents and diversity of our team members, making your contribution integral to our achievements. If you are ready to take on this challenging role and contribute to our organization's success, we encourage you to apply. Join us at Worldline and be part of a global leader in digital transformation.

Posted 1 week ago


4.0 - 8.0 years

12 - 14 Lacs

pune

Work from Office

- Assist client in identifying and evaluating business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
- Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
- Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services
- Understand the client's business environment and basic risk management approaches

Project Management:
- Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions
- Play a substantive/lead role in engagement planning, economics, and billing
- Generate innovative ideas and challenge the status quo
- Participate in proposal development efforts
- Participate in "add-on" sales to client
- Membership and visibility in professional & civic organizations
- Identify opportunities to cross-sell other services
- Build and nurture positive working relationships with clients with the intention to exceed client expectations

Qualification and Certification: Chartered Accountant and/or MBA with Finance/IT. Certifications of CISA, CISSP, CISM, ISO27001 preferred.

Posted 2 weeks ago


2.0 - 6.0 years

0 Lacs

karnataka

On-site

As a Senior Digital Risk Advisor at Swiss Re, you will play a crucial role in the first-line digital & technology operations risk and control activities. Your primary responsibilities will include identifying risks, applying controls, and monitoring and reporting performance to technology and business leaders. The Digital Risk Governance & Controls team, part of Swiss Re's Security Team, is seeking an experienced and motivated individual to contribute to defining and managing risks related to digital topics. You will work alongside a team of digital risk experts to support Applications and Business stakeholders in applying digital risk governance principles and standards. Your role will involve actively participating in implementing the digital risk framework as a trusted digital risk partner. You will ensure that IT threats and risks are well-understood, issues are addressed promptly, and IT controls are designed and operating effectively. Collaboration with digital & technology teams will be essential to embed controls into operational procedures, automate processes, measure performance, and enhance our risk position continually. Continuous monitoring and assessment of controls will be a key focus to maintain operational transparency, meet our risk appetite, and take corrective actions when necessary. We are looking for an individual who values continuous innovation, is naturally curious, and strives to find better ways of working each day. 
Qualifications:
- Previous experience in IT risk and control-related roles like IT Governance, IT audit, or digital risk management
- Certifications such as CISA, CGEIT, CRISC, or similar will be advantageous
- Strong teamwork and collaboration skills, along with a willingness to share knowledge and grow within the team and across departments
- Ability to build and maintain a collaborative network within the IT domains
- Curiosity, proactiveness, result-oriented mindset, and confidence in making decisions promptly
- Passion, drive, and belief in the importance of digital risk management for enhancing business performance
- Fluency in spoken and written English

Swiss Re is a global leader in reinsurance, insurance, and risk transfer solutions, dedicated to making the world more resilient. With a focus on managing various risks, from natural catastrophes to cybercrime, we offer innovative solutions for our clients. Join our team of over 14,000 employees worldwide to create new opportunities and shape the future of risk management. If you are a seasoned professional returning to the workforce after a career break, we welcome you to apply for open positions that align with your skills and experience.

Posted 2 weeks ago


3.0 - 7.0 years

0 Lacs

navi mumbai, maharashtra

On-site

Do you want to join our Geo-data revolution? Fugro's global reach and unique know-how will put the world at your fingertips. Our love of exploration and technical expertise help us to provide our clients with invaluable insights. We source and make sense of the most relevant Geo-data for their needs so they can design, build, and operate their assets more safely, sustainably, and efficiently. We are always looking for new talent to take the next step with us. We seek bright minds who enjoy meaningful work and want to push our pioneering spirit further. Individuals who can take the initiative but also work well within a team.

You will have the following key responsibilities:

Business Support:
- Acquire a good understanding of key assets and processes. Evaluate and reduce risks to acceptable levels with stakeholders. Help various teams achieve organizational objectives without compromising security posture.
- Support the business in the bid process regarding security-related aspects, assist in the auditing process (internal and external), and conduct other security assessments.

Stakeholder Management:
- Collaborate closely with stakeholders across all functions within the Middle East and India region, being at the forefront of key projects.
- Work with Project Managers, Business Analysts, Architecture, and other stakeholders to ensure Fugro Information Security standards are followed.

Learning and Continuous Improvement:
- Provide feedback into Information Security Programs to support continuous improvement and set priority areas.
- Drive positive change in Information Security through regular collaboration.
- Share knowledge and insights actively to increase Information Security awareness throughout the organization in the Middle East and India region.

Skills & Qualifications:
- BSc or MSc degree in Information Security or a related field.
- Excellent English language skills, both written and oral.
- Minimum 3-5 years of experience in both Project Management and Information Security.
- Experience working with internal and external auditors and demonstrated experience in application security practices and IT Risk and Security governance.

At Fugro, we offer a positive work environment and projects that will satisfy the most curious minds. We provide great opportunities for personal development and growth, giving you the freedom to grow faster and do what you do best. We encourage you to bring your energy, enthusiasm, questions, and opinions as we believe in the strength that comes from a diverse, driven team.

Our view on diversity, equity, and inclusion: At Fugro, diversity is our superpower. We welcome distinctive beliefs and diverse backgrounds while rejecting discrimination, harassment, inappropriate behavior, and unfair treatment. Every individual should be well-supported, treated fairly, valued, and have their voice heard. We believe that fostering a sense of belonging and acceptance creates a more connected and purposeful environment.

Disclaimer for recruitment agencies: Fugro does not accept unsolicited applications from recruitment agencies. Acquisition to Fugro Recruitment or any Fugro employee is not appreciated.

Posted 2 weeks ago


7.0 - 11.0 years

0 Lacs

thiruvananthapuram, kerala

On-site

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. As part of our EY GRC Tech team, you'll contribute technically to IT Risk and SAP S4 transformation client engagements. An important part of your role will be to actively establish, maintain, and strengthen internal and external relationships. You'll also identify potential business opportunities for Ernst & Young within existing engagements and escalate these as appropriate. Similarly, you'll anticipate and identify risks within engagements and share any issues with senior members of the team. We're looking for Manager to join the group of our EY GDS GRC Tech Team. This is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. **Career Framework:** - Interacts with business stakeholders to gather, understand, document, and analyze business requirements. - Analyzes reports and assessments to provide insights on whether a solution/technology being implemented is meeting business requirements. - Evaluates business models, processes, and operations to develop a good understanding of business needs and requirements. **Experience, Background, Technical Skills & Knowledge:** - Candidate will have a minimum of 7-11 years of experience in SAP IT Audit with knowledge of IT governance practices. - Lead SAP Risk and Controls projects, ensuring high-quality delivery and client satisfaction. - Conduct SAP pre/post-implementation reviews to identify and mitigate potential risks. - Perform SAP audits, focusing on system integrity and data accuracy. - Design and assess SAP S4 controls, identifying gaps and recommending improvements. 
- Collaborate with cross-functional teams to integrate risk and control considerations into broader project objectives. - Provide thought leadership and insights on SAP risk and control trends and best practices. **Qualifications:** - Good understanding of the COSO framework, Sarbanes-Oxley Act (Sections 302 and 404), GDPR, etc. - Strong experience in performing test of design and effectiveness for internal controls related to SOD, ITAC, ITDM, ICFR, and IFRS along with the ability to suggest best practice recommendations. - Should have completed at least 5-6 Risk & Control engagements covering pre-& post-implementation reviews, assessments, control design and testing for SAP ECC and/or S4 HANA landscape. - Proven experience in SAP Risk and Controls projects. - Strong understanding of SAP ECC & S4 HANA environments. - Excellent project management and leadership skills. - Ability to communicate complex ideas effectively, both verbally and in writing. - Relevant professional certifications (e.g., CISA, CRISC, CIA) are desirable. - Good to have exposure in SAP Basis testing & SAP ITGC testing will be preferable. - Candidate with professional consulting experience in technology risk management ideally with a Big 4 or similar large consulting firm will be preferred. **Skills & Capabilities:** - Experience in leading implementation / Risk and Controls engagements for various clients. - Experience in drafting proposals, RFP, pursuits, innovations, etc. - Strong communication, presentation, and team-building skills and experience in producing high-quality reports, papers, and presentations. - Owns the relationship with senior business stakeholders to fully understand complex business/functional requirements and strategies and oversees the translation of these into complex technical requirements and specifications, guiding senior management towards accepting change brought about through process and organizational change. 
- Establishes the contribution that technology can make to business objectives, defining strategies, validating and justifying business needs, conducting feasibility studies, producing high-level and detailed business models, and overseeing the development and implementation of solutions, taking into account the implications of change on the organization and all stakeholders. - Should possess the ability to conduct and drive workshops with the client stakeholders on understanding clients' process & system landscape. - Work effectively as a team member and drive the delivery of IT audit documents independently. - Demonstrate sound technical understanding of IT Audits (ITGC & ITACs) for SAP environment. **Technologies & Tools:** - SAP Functional Knowledge. - Knowledge of Business Processes. - SAP ECC & S4 HANA. - Risk and Compliance. - MS Office Tools. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people, and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Posted 2 weeks ago


4.0 - 6.0 years

9 - 13 Lacs

hyderabad, bengaluru

Work from Office

The job: The IT GRC Junior Analyst supports AVEVA's internal control certification activities under PCAOB/SOX. This role operates within the first line of defence and is responsible for validating IT General Control (ITGC) documentation, tracking audit evidence, and ensuring timely readiness of compliance deliverables. This role should ensure that documentation meets required standards across AVEVA's business-critical systems.

Key responsibilities:
- Validate ITGC evidence across access, change, and operational control areas using QA checklists
- Support control owners in preparing audit-ready documentation, ensuring clarity and completeness
- Maintain centralized repositories and trackers (e.g. SharePoint, Teams) to ensure document version control
- Identify documentation gaps and inconsistencies, escalating to the Senior Manager where necessary
- Participate in audit walkthroughs and help prepare supporting documentation
- Assist in user access reviews, control testing activities, and incident log validations
- Contribute to QA training guides, awareness material, and document templates
- Support coordination with second-line (Risk & Control) and third-line (Internal Audit) teams

Essential requirements:
- 4-6 years of experience in IT audit, GRC, or internal control environments
- Foundational knowledge of PCAOB/SOX, ISO 27001, or equivalent frameworks
- Proficient in Microsoft Excel, SharePoint, and Teams
- Experience handling ITGC evidence across enterprise platforms
- Strong communication skills with attention to documentation quality
- Ability to manage deliverables across multiple systems and teams

Desired skills:
- Exposure to enterprise systems such as Oracle, SAP, Salesforce, or Workday
- Familiarity with ServiceNow or audit workflow tools
- Understanding of user access governance and change enablement
- Experience supporting external auditors or formal IT assurance reviews
- Awareness of regulatory topics including GDPR or data retention
- Experience with Riskonnect, SAP GRC, or similar governance, risk, and compliance tools
- Experience working in a Big 4 firm (e.g., Deloitte, EY, KPMG, PwC)

Competencies:
- Evidence quality and documentation discipline
- Attention to detail and process control
- Proactive stakeholder communication
- Team collaboration and support mindset
- Accountability for timelines and compliance outcomes
- Structured problem solving with audit awareness

Posted 2 weeks ago


1.0 - 5.0 years

0 Lacs

noida, uttar pradesh

On-site

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. As a Risk consultant, you'll contribute technically to Risk Consulting client engagements and internal projects. An important part of your role will be to actively establish, maintain, and strengthen internal and external relationships. You'll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you'll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY's commitment to quality, you'll confirm that work is of high quality and is reviewed by the next-level reviewer. As an influential member of the team, you'll help to create a positive learning culture, coach and counsel junior team members, and help them to develop. The opportunity We're looking for Seniors Consultants to join the leadership group of our EY-Consulting Technology Risk Team. This is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your key responsibilities - Participate in IT Risk and Assurance engagements. - Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. - Help prepare reports and schedules that will be delivered to clients and other parties. - Develop and maintain productive working relationships with client personnel. - Responsible for managing reporting on assurance findings and ensure control owners take remediation action as required. 
- Identify, lead, and manage the continuous improvement of Internal Controls through implementation of continuous control monitoring and automation. - Obtain and review evidence of compliance for adherence to standards. - Key domains of compliance controls, including change management, access to system, network and data, computer operations and system development. - Stay current with and promote awareness of applicable regulatory standards, upstream risk, and industry best practices across the enterprise. - Understanding of control frameworks such as COSO, internal control principles, and related regulations including SOX and J-SOX. Common IT governance and assurance standards including NIST, COBIT, Risk IT, ITIL, and third-party reporting standards such as SSAE16. - Understanding of independent and risk-based operational audits such as Software Development Life Cycle (SDLC), Business Resilience, Cybersecurity audits, Data privacy and data protection audits, and Network security audits. - Understanding of and hands-on experience with data analysis tools such as Tableau, Power BI, Python, etc. - Conduct performance reviews and contribute to performance feedback for staff. - Adhere to the Code of Conduct. The Code of Conduct sets the standards of behavior, actions, and decisions we expect from our people. Skills and attributes for success - Experience in application controls and Information security experience. - Understanding of risk management systems and processes. - Ability to build relationships with key stakeholders across different levels of seniority. - Strong written and verbal communication skills. To qualify for the role, you must have: - Preferably bachelor's degree in (Finance/Accounting, Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc./CA. - Minimum of 1-2 years of experience in internal controls and Internal Audit. - Enterprise risk services with specific focus on IT and related industry standards. - IT Risk Assurance framework.
- Control frameworks such as COSO, internal control principles, and related regulations including SOX and J-SOX. - Preferred security skills related to a broad range of operating systems, databases, or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls, and IDS systems. - Familiarity with IT analysis, delivery, and operations methods, including SDLC and CM. - Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT. - Experience of security testing methods and techniques including network, operating, and application system configuration review. - Application controls and security experience: sensitive access and SOD testing, controls testing. - Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc. - Preferred Certifications: CISA. What we look for We believe that you should own and shape your career. But we'll provide the support and opportunities to develop the skills, knowledge, and experience to succeed. The strength of our global network, combined with local empowerment and a relentless focus on winning in specific markets, means you'll interact and team with individuals from various geographies and sectors. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. What working at EY offers At EY, we're dedicated to helping our clients, from startups to Fortune 500 companies, and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. 
Plus, we offer: - Support, coaching, and feedback from some of the most engaging colleagues around. - Opportunities to develop new skills and progress your career. - The freedom and flexibility to handle your role in a way that's right for you. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people, and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Posted 2 weeks ago


4.0 - 9.0 years

10 - 14 Lacs

bengaluru

Work from Office

The R&C IT Analyst is also a subject matter expert, responsible for advising the Risk team on controls design, deficiencies evaluation and improvements across multiple processes from a testing standpoint. A successful risk professional requires a dynamic personality and ability to adapt in a rapidly changing environment.

B. responsible: key areas of responsibility will include, but are not limited to:

Execute and lead testing end to end for the assigned areas:
- Design and execute the day-to-day testing activities of IT controls, with a focus on regulatory/compliance related risks
- Collect, analyze, and interpret information to assess and conclude on each assigned testing area with clear, concise documentation
- Identify gaps in design and execution, and communicate issues and recommendations to R&C team and control owners
- Develop and maintain comprehensive documentation including process walkthrough documentation, control testing documentation and any others required
- Collaborate and partner with R&C by providing guidance and ensuring that critical IT controls are adequately designed and documented, in order to strengthen the control environment, mitigate the company risks and support the business in achieving objectives
- Collaborate & participate within R&C to continuously improve R&C's capabilities and governance from an IT testing standpoint

B. skilled: The ideal candidate will have a strong background in IT risk management, IT frameworks, governance and controls, Segregation of Duties, and ERP audits.
- 4+ years of experience gained within IT compliance, internal controls, internal/external audit, including experience working with teams in an international environment
- Strong understanding of design assessment and operating effectiveness assessment of IT controls, and interface controls
- Experience in technology-based product development / DevOps processes, cloud security and other modern day technologies
- Understanding of different architecture (SOA and micro services), and ability to review source code is an added advantage
- Understanding of and experience with risk management relevant fields and frameworks, including SOx, COSO, and COBIT; working knowledge of SOx an advantage
- Ability to multitask and successfully manage multiple priorities and projects
- Strong work ethic, enthusiastic, self-starting, adaptable and enjoys change in a super engaged team
- Excellent communication skills to interact with audit teams, management and other stakeholders effectively
- Ability to work effectively in a virtual environment
- Fully comfortable working in English, both written and spoken
- Professional certification, such as CISA/CRISC/CIA (or similar), would be an advantage
- Relevant bachelor's degree required
- Experience working with a Big4 is preferred

Key Skills:
- Understanding of and experience with risk management relevant fields and frameworks, including SOx, COSO, and COBIT
- 4+ years of experience gained within IT compliance, internal controls, internal/external audit, including experience working with teams in an international environment
- Design and execute the day-to-day testing activities of IT controls, with a focus on regulatory/compliance related risks

Posted 2 weeks ago

1.0 - 2.0 years

9 - 13 Lacs

bengaluru

Work from Office

Job Summary

Booking.com follows a defense in depth strategy for managing its risks. As part of this strategy, Booking has 3 departments, each focusing on one line of defense. Global Internal Audit (GIA) is responsible for the 3rd line of defense, Risk and Controls (R&C) is responsible for the 2nd line of defense, while the responsibility for the 1st line has been distributed between process/control owners and the Trust, Risk, Assurance and Compliance (TRAC) team. TRAC is the first-line-of-defense risk team responsible for Central Tech business unit risks and Security risks across the company.

Our IT Risk & Compliance Associate is aspiring to be an SME, and has domain knowledge of one or two areas to address processes, risks and control issues. They are responsible for working with issue owners and risk owners within Security & Fraud teams to maintain internal controls around risk and governance. As IT Risk & Compliance Associate in the Risk Governance team, our team member supports Cybersecurity & Risk best practices that include tracking and updating the Issue register and supporting teams in triage for cyber risk related activities, such as performing issue triage, tracking issue remediation, processing security policy exceptions, and tracking audit issue closure for status and risk.

Our associate is a key resource for our operational IT security risk governance processes, such as maintaining the cyber risk and issue register, risk acceptances, and audit issue remediation status updates, which are provided to senior management and give a very high degree of visibility. Our associate has basic awareness of GRC and related technologies across Risk domains (Cybersecurity, Privacy, Third party, Fraud, Trust & Safety) and provides first-level functional and technical requirements, with support from the Risk & Compliance manager, for engineering teams to develop technical solutions. They understand what the most critical elements of the technical solution are and can explain and justify the chosen technical solutions.

Our associate takes pride in being part of processes and operations that have a direct impact on the Cybersecurity Risk and security posture of the organization.

Key Responsibilities

Core responsibilities of the IT Risk & Compliance Associate are:
- Manage the operational risk governance processes, such as maintaining the cyber risk register, security exceptions, and tracking the remediation status of audit and overdue remediation tasks.
- Manage risk related activities like updating the Risk register, triaging risks, and managing the internal controls, systems and process landscape to enable a clear understanding of impact from IT issues and identify risks to be updated in the cyber risk register and central issue register
- Triage and track issues to closure
- Track and manage exceptions to IT policies and standards.
- Lead Risk Governance processes together with issue owners and risk owners based in Amsterdam, Manchester and Bangalore
- Keep cyber risks inventoried and updated
- Keep the Policy and Risk knowledge base updated

Candidates with at least 1-2 years of experience in GRC are preferred.

Communication

Type options: Cooperation, Persuasion, Information. Frequency options: Continuous (daily or a number of times a day), Frequent (about once a week), Occasionally (once or twice a month or less).

- Stakeholder: Tech business function and other business units. Type: Cooperation. Frequency: Occasionally. Partner with SSF issue owners and risk owners by providing guidance and support in designing and implementing appropriate controls to strengthen the control environment, mitigate the company's risks and support the business in achieving objectives. Identify control gaps, based on identified risks. Facilitate and participate in cross-functional groups to implement or enhance controls in cross-functional processes. Support SSF issue and risk owners in resolving issues related to tracking updates on open issues and open risks coming from Issue management, Exceptions and Audit issue tracking.
- Stakeholder: Risk Governance. Frequency: Frequent. Perform triage and monitor risks in the Risk register or observations, and work with risk owners to update status. Report the outcome of tracking risks coming from issues, exceptions and audit issues to relevant trackers.
- Stakeholder: Subject Matter Experts (SMEs), e.g. Security, Fraud, Privacy, Legal, etc. Type: Cooperation. Frequency: Frequent. Coordinate with various teams, GIA and other SME teams for managing GIA audit and risk outcomes and expectations of stakeholders.

Posted 2 weeks ago

4.0 - 9.0 years

10 - 14 Lacs

bengaluru

Work from Office

The R&C IT Analyst is also a subject matter expert, responsible for advising the Risk team on controls design, deficiencies evaluation and improvements across multiple processes from a testing standpoint. A successful risk professional requires a dynamic personality and the ability to adapt in a rapidly changing environment.

B. responsible: key areas of responsibility will include, but are not limited to:

Execute and lead testing end to end for the assigned areas:
- Design and execute the day-to-day testing activities of IT controls, with a focus on regulatory/compliance related risks
- Collect, analyze, and interpret information to assess and conclude on each assigned testing area with clear, concise documentation
- Identify gaps in design and execution, and communicate issues and recommendations to the R&C team and control owners
- Develop and maintain comprehensive documentation, including process walkthrough documentation, control testing documentation and any others required
- Collaborate and partner with R&C by providing guidance and ensuring that critical IT controls are adequately designed and documented, in order to strengthen the control environment, mitigate the company's risks and support the business in achieving objectives
- Collaborate and participate within R&C to continuously improve R&C's capabilities and governance from an IT testing standpoint

B. skilled: The ideal candidate will have a strong background in IT risk management, IT frameworks, governance and controls, Segregation of Duties, and ERP audits.
- 4+ years of experience gained within IT compliance, internal controls, internal/external audit, including experience working with teams in an international environment
- Strong understanding of design assessment and operating effectiveness assessment of IT controls and interface controls
- Experience in technology-based product development / DevOps processes, cloud security and other modern-day technologies
- Understanding of different architectures (SOA and microservices); ability to review source code is an added advantage
- Understanding of and experience with risk management relevant fields and frameworks, including SOx, COSO, and COBIT; working knowledge of SOx is an advantage
- Ability to multitask and successfully manage multiple priorities and projects
- Strong work ethic; enthusiastic, self-starting, adaptable and enjoys change in a super engaged team
- Excellent communication skills to interact with audit teams, management and other stakeholders effectively
- Ability to work effectively in a virtual environment
- Fully comfortable working in English, both written and spoken
- Professional certification, such as CISA/CRISC/CIA (or similar), would be an advantage
- Relevant bachelor's degree required
- Experience working with a Big4 is preferred

Posted 2 weeks ago

4.0 - 8.0 years

0 Lacs

karnataka

On-site

The IT Risk & Compliance Analyst is responsible for partnering with FareHarbor risk owners throughout the Tech business function to design and maintain internal controls aligned with the risk appetite and process quality. You will collaborate closely with the FH Business unit security officer and stakeholders from multiple departments to ensure a comprehensive understanding of processes while maintaining a big picture focus. As an aspiring subject matter expert, you will combine theory knowledge with organizational practice across various disciplines within the function. Engaging with senior stakeholders is key to identifying people, process, and technology risks relevant to Technology. You will support the Cyber maturity framework based on NIST, develop remediation plans, and implement programs, projects, processes, and IT controls to address framework gaps. Successful execution of risk expertise necessitates effective communication with senior stakeholders, fostering collaboration, integrating perspectives, and driving beneficial business outcomes. You will demonstrate solid stakeholder management skills and challenge risk owners to develop robust solutions that mitigate key risks while ensuring successful business operations.

Key Responsibilities:
- Lead Cyber Maturity Assessment for the FareHarbor entity
- Support cross-functional remediation tracking, monitoring, and reporting activities
- Drive operational risk governance processes for the FareHarbor entity, including maintaining the cyber risk register, security exceptions, and audit issue remediation status
- Collaborate in building and maintaining the NIST Control framework with the FH Risk officer and Information security officer for FH technology teams
- Develop knowledge of FH internal controls, systems, and processes to identify risks and update the cyber risk register
- Support Risk and Governance processes with stakeholders in Amsterdam and the US
- Inventory and update cyber risks
- Provide in-house consulting as Subject Matter Expert for NIST-related activities

Requirements:
- 4+ years of domain experience
- First experience in business analysis, auditing, corporate governance, risk management, or internal controls
- Ability to build solid relationships with business partners to foster a risk management culture
- Basic technical understanding of internal control requirements and design, with experience applying them in various businesses
- Flexibility to adapt to dynamic business needs while maintaining robust solutions
- Strong ability to break down tasks into manageable actions and deliver on time
- Agile response to changes in business, stakeholder expectations, or regulatory/operating environments
- Strong independent contributor with excellent team player skills

Pre-Employment Screening: Your application may undergo pre-employment screening by a third party to assess your qualifications and suitability for the position, in accordance with applicable law. This screening may include reviewing your employment history, education, and other relevant information.

Posted 2 weeks ago

4.0 - 8.0 years

0 Lacs

karnataka

On-site

The IT Risk & Compliance Analyst is responsible for partnering with risk owners within the FareHarbor (FH) entity to design and maintain internal controls aligned with the risk appetite and process quality standards. Collaboration with the FH Business unit security officer and stakeholders from various departments is crucial to maintain a holistic view while ensuring a detailed understanding of processes. Aspiring to be a subject matter expert, the IT Risk & Compliance Analyst combines knowledge of enterprise risk discipline with expertise across different disciplines within a function. Engaging with senior stakeholders, the role involves identifying people, process, and technology risks for Technology, and developing a Cyber maturity framework based on NIST, including remediation plans to address gaps.

Key Responsibilities:
- Lead Cyber Maturity Assessment for the FareHarbor entity
- Support cross-functional remediation tracking, monitoring, and reporting
- Drive operational risk governance for FareHarbor, including maintaining the cyber risk register
- Collaborate on building and maintaining the NIST Control framework for FH technology teams
- Support Risk and Governance processes with stakeholders in Amsterdam and the US
- Provide in-house consulting as a subject matter expert on NIST-related activities

Requirements:
- Prior experience in business analysis, auditing, corporate governance, risk management, or internal controls
- Ability to build strong relationships with business partners to promote a risk management culture
- Basic technical understanding of internal control requirements and design
- Flexibility to adapt to changing business needs while delivering robust solutions
- Strong ability to break down large tasks into manageable actions and deliver on time
- Agility in response to changes in business, stakeholder expectations, or regulatory environments
- Independent contributor with strong teamwork skills

Posted 2 weeks ago
