297 It Risk Jobs - Page 7

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

5.0 - 7.0 years

14 - 18 Lacs

Bengaluru

Work from Office

Controls Advisory

The Controls Advisory delivers all project and engagement management phases for multiple clients in various industries. Responsibilities include executing business processes, IT control reviews, and activities related to Sarbanes-Oxley 404 and internal audit control projects.

Client Responsibilities: Performing work on SOX 404 engagement for IT engagements: conducting control design and operating effectiveness tests, ensuring high-quality work through complete and accurate testing documentation. Manage a portfolio of engagements by leading a team of Assistant Managers, Senior Associates, and Associates/Analyst. Ensure the work delivered is high quality through spot checks, periodic reviews, and quality review/assurance processes. Ensure established turnaround times and the allotted budget are met. Assist Associate Directors and Directors in developing new methodologies, internal initiatives, marketing collaterals, business proposals, etc. Should have good writing, communication, and interpersonal skills.

People Responsibilities: Manage larger teams by motivating, coaching, and developing junior colleagues. Conceptualize and translate lessons learned from client engagements into training sessions. Provide real-time constructive feedback and facilitate timely completion of engagements.

Skills Required: Candidates should have proficient knowledge (both in leading and performing work) in the areas of IT General Controls testing for Internal Audits (IA) and Sarbanes-Oxley (SOX) 302, 404 audits, Logical access, Change management, Computer operations, Cloud Computing, Network Security, and SDLC, Third party reporting e.g. SOC1, SOC2 etc. Strong experience, including performing risk assessments, performing walkthroughs, creating flowcharts, designing controls, and using Microsoft Office tools (Word, Excel, Access, PowerPoint, etc.).

Experience: 5-7 years of postgraduate experience in risk advisory, internal audit, or SOX compliance, preferably with Big 4 or related business experience.

Qualification: Certified Information Systems Auditor/ Bachelor of Engineering/ B.Tech/ Masters in Business Administration with primary in Information Technology & Systems/ Masters in Computer Applications

Team Handling, Testing, SOX Audit, Risk Advisory, Internal Audit

Posted 2 months ago

0.0 years

8 - 12 Lacs

Pune

Work from Office

Job Title: Operational Resilience Coordinator, Associate
Location: Pune, India

Role Description

About DWS: Today, markets face a whole new set of pressures but also a whole lot of opportunity too. Opportunity to innovate differently. Opportunity to invest responsibly. And opportunity to make change. Join us at DWS, and you can be part of an industry-leading firm with a global presence. You can lead ambitious opportunities and shape the future of investing. You can support our clients, local communities, and the environment. We're looking for creative thinkers and innovators to join us as the world continues to transform. As whole markets change, one thing remains clear; our people always work together to capture the opportunities of tomorrow. That's why we are Investors for a new now. As investors on behalf of our clients, it is our role to find investment solutions. Ensuring the best possible foundation for our clients' financial future. And in return, we'll give you the support and platform to develop new skills, make an impact and work alongside some of the industry's greatest thought leaders. This is your chance to achieve your goals and lead an extraordinary career. This is your chance to invest in your future.

Team / division overview

The Operational Resilience team within the Chief Operating Office, drives the execution of the DWS Group Operational Resilience Programme. Operational Resilience describes DWS's ability to detect, prevent, respond to, recover and learn from operational disruptions. On the basis that operational disruption is inevitable, a risk-based and systematic approach to Operational Resilience provides greater assurance to Senior Management that those Business and Infrastructure Functions which deliver the Bank's material business services are adequately prepared for future disruption. In times of crisis specifically, this means minimizing the impact, improving the DWS's response, and maintaining the availability of our most important Business Services to our clients and markets.

What we'll offer you

- 100% reimbursement under childcare assistance benefit (gender neutral)
- Sponsorship for Industry relevant certifications and education
- Accident and Term life Insurance

Your key responsibilities

As an Operational Resilience Co-Ordinator you lead the Operational Resilience Operations Team that:

Crisis Management

- Supports Global and Regional Crisis Chief of Staff with Crisis Mgmt information management, training, exercising and lessons learned tracking
- Maintains and updates Regional Crisis Management Contact cards, Email Distribution, SendWordNow and MS Teams Lists.
- Supports the preparation required for running regional crisis exercises.

BCM

- Oversees non-compliance with Accountable Managers, copying relevant Regional OpRes Lead
- Analyses continuity risks, including but not limited to concentration risks, single points of failure, recovery capability against DWS Risk Appetite

Operational Resilience

- Supports Important Business Service Managers to coordinate scenario analysis / stress testing for each IBS instance to ensure regulatory requirements are met
- Coordinates and tracks through to completion the necessary remediation activities where scenario testing (or other analysis) identifies capability gaps (i.e. expected to be unable to recover services within stated Recovery Objectives)
- Supports production and maintenance of severe but plausible scenario library

Reporting and Tooling support

- Develops, maintains and issues resilience related risk reporting to ensure proactive business awareness for compliance and vulnerabilities
- Provides central advisory and support for DWS's adoption of ServiceNow OpRes/BCM Modules
- Supports production of governance meeting and training reference materials
- Supports production and maintenance of threat analysis reports

Your skills and experience

Operational Resilience is a rapidly evolving risk discipline with the sector and regulatory authorities continually learning. We are therefore seeking candidates with a hunger to learn, enjoy collaboration, problem solving and challenging the status quo. Specifically we are looking for:

- Several years of professional experience in the Financial Services / Asset Management Sector (ideally at DWS/DB), experienced in Operations, Business Continuity, Crisis Management, Audit, Information Security, Compliance, IT Risk, Third Party Risk Management or Operational Risk Management preferred
- Good knowledge of DWS operations and divisional operating models and ability to translate business strategic changes into areas of emerging risks to support mitigation preferred
- Appreciation of the regulatory requirements for Operational Resilience (including BCM and Crisis Management) in the asset management area
- Excellent analytical skills and structured approach; Ability to grasp new topics quickly and create the right framework for further evaluation and implementation
- Personal initiative, results orientation and leadership qualities with regard to the independent implementation of medium-sized initiatives
- Demonstrable team leadership, staff development, relationship building skills and problem solving
- Worked with broad set of stakeholders within a high-pressure dynamic environment
- Demonstrable ability to understand and engage in business transformation; productively highlight risks and opportunities and effectively manage a successful outcome
- Advanced knowledge of using MS Excel/ PowerPoint/Word to analyze and present complex issues; other project management, automation and visualization tools are beneficial
- Excellent communication skills both within working groups and in presenting results in a clear and concise manner
- Very good knowledge of the English language (spoken and written)

How we'll support you

About us and our teams

Please visit our company website for further information: https://www.db.com/company/company.htm

Posted 2 months ago

7.0 - 12.0 years

14 - 24 Lacs

Pune

Hybrid

Job Title: IT Auditor, AVP
Corporate Title: AVP
Location: Pune, India

Role Description

You will be responsible for auditing Deutsche Bank's technology and security controls. You will be involved in the planning, preparation, coordination and execution of audits to evaluate the adequacy and effectiveness of internal controls related to IT Infrastructure services primarily within TDI Global Technology Infrastructure including End User Computing. You will undertake audit assignments, draft and consolidate audit reports as well as tracking and closing audit findings. You will work as part of a global team, spread across the US, Germany, the United Kingdom and Singapore.

What we'll offer you

As part of our flexible scheme, here are just some of the benefits that you'll enjoy:

- Best in class leave policy
- Gender neutral parental leaves
- 100% reimbursement under childcare assistance benefit (gender neutral)
- Sponsorship for Industry relevant certifications and education
- Employee Assistance Program for you and your family members
- Comprehensive Hospitalization Insurance for you and your dependents
- Accident and Term life Insurance
- Complementary Health screening for 35 yrs. and above

Your key responsibilities

What You'll Do

- Plan, prepare, coordinate and execute audits to evaluate the adequacy and effectiveness of cyber security controls in accordance with Group Audit's Methodology.
- Contribute to Continuous Monitoring and overall implementation of Group Audit Methodology.
- Undertake audit assignments, draft and consolidate audit reports for review by audit management and facilitate finding tracking and validate closure of findings.
- Participate in ad hoc projects and special inquiries.
- Work closely with colleagues in New York, Jacksonville, London, Birmingham, Berlin, Frankfurt and Singapore.

Your skills and experience

Skills You'll Need

- University degree in computer science, mathematics, engineering or a related scientific degree.
- Certifications as CISA, CISM, CISSP or equivalent qualification in the areas of information security, project management or process-/quality management would be an advantage.
- Demonstrable experience in one or more of the following disciplines: IT infrastructure, IT production, IT operation such as system administrator, database administrator, operator in a data centre or software development for IT infrastructure applications.
- Experience in IT Audit, IT risk management or information security.
- A fundamental understanding of the following Audit disciplines: audit concepts (e.g. pre-/post implementation audits), controls in outsourced environments (e.g. for managed services), auditing project management and auditing IT service- and quality management.

Skills That Will Help You Excel

- Very good written/verbal communication skills and the ability to communicate effectively in conflicts and at all management levels.
- Language skills beyond English are not a requirement, but are generally useful.
- Experiences in analyzing and articulating IT Infrastructure risks combined with a good understanding of IT services and IT processes in an enterprise environment.
- Flexibility, pro-active, self-sufficient and innovative with strong organizational skills to take ownership and responsibility of agreed targets and meet them within budget to enable a timely and efficient completion of audit projects.
- Ability to multi-task assignments and prioritize the workload with limited supervision and be resilient under pressure and the ability to deliver to deadlines.

How we'll support you

- Training and development to help you excel in your career
- Coaching and support from experts in your team
- A culture of continuous learning to aid progression
- A range of flexible benefits that you can tailor to suit your needs

About us and our teams

Please visit our company website for further information: https://www.db.com/company/company.htm

Posted 2 months ago

4.0 - 9.0 years

6 - 11 Lacs

Pune

Work from Office

Role Description

The 1st line Tech Risk and controls function at Deutsche sits within the Group Technology Infrastructure (GTI) for Deutsche Bank Group. GTI has the largest footprint within the Technology, Data and Innovation division and is joined by other business-aligned CIO IT divisions. The Tech Risk and Controls is a dynamic team, consistently in demand, for providing guidance and challenge to deliver change and maintain systems in a secure and resilient manner. As part of the team, you will join the Bank's journey and contribute towards our strategic goal of cloud enabled solutions as well as activities that improve our operational resilience and risk reduction. Specifically, you will bring expertise to Control definition and assessments capability across IT Infrastructure, SDLC and Architecture domains supporting a proactive risk management function. It will therefore also include providing change risk advisory services for transformational change programs undertaken by or impacting GTI. You will liaise with other risk and control functions, on a management level to assure the integration of risk initiatives and projects. You will also support Regulatory Adherence and Policy Management function within TDI Risk Management. Its purpose is to provide oversight and supervision of new & changed material regulation impacting TDI, including full traceability to derived DB-specific Policies, Procedures, Key Operating Documents and Supporting Documents.

Your key responsibilities

Risk & Control Management

- Identify and evaluate potential areas of non-compliance or risk, assessing impact, probability and present findings and proposals for risk mitigation measures.
- Support the delivery of the risk and control initiatives. This includes participation in risk and control activities, risk-based control reporting of key issues, performance and validation of cyclical activities such as annual control self-assessments.
- Work closely with teams in and out of the division to understand risks impacting the group.
- Align internal Deutsche Bank policies/procedures against industry recognized framework to strengthen the control framework and its implementation for both within the Bank and our 3rd party vendor relationships
- Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums

Regulatory Adherence and Policy Management

- Coordination of regulatory adherence assessments across sub-divisions within TDI and management and review of Policies, Procedures, Key Operating Documents, Supporting Documents within TDI.
- Engage with stakeholders across TDI and other (e.g. 2nd line of defence) divisions in reviewing, assessing, and documenting the impact of regulations and planning remedial actions.
- Steer and support the publication of a consistent set of global and local Policies, Procedures, Key Operating Documents and Supporting Documents relating to Information Technology from laws, rules, and regulations.

Risk remediation and Change Risk Advisory

- Support the Head of TDI GTI Risk Management in assessing risks related to strategic changes within the GTI Organization
- Proactively monitor risk landscape shift within the industry to identify transformation project opportunities to insulate Deutsche Bank from any potential risk exposure e.g., Production design life cycle, application and infrastructure architecture and its resilience

Stakeholder Management: Identify, Partner and Collaborate

- Work with relevant stakeholders to identify and assess controls gaps related to technology risk - measure and mitigate them in a timely manner
- Align with COO Division Control Office (DCO) team and NFRM (2nd LoD) ensuring successful and consistent implementation of the established control framework.
- Promote and support proactive IT risk culture at the Bank.

Your skills and experience

Desired experience

- Minimum 5 years of experience as Risk and Control Lead in designing and implementation of Technology risk framework or IT Audit in a global organization.
- Experience in a regulatory oversight, assurance, or policy management function within technology. Or have suitable compliance or audit background within infrastructure (and preferably IT & Information Security).
- Extensive experience regarding development, training and implementation of IT Policies, Procedures, Key Operating Documents and Supporting Documents.
- Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001
- Other professional qualifications and certifications in Technology risk management

Desired behaviors

- A strong team player comfortable in a cross-cultural and diverse operating environment
- Result oriented and ability to deliver under tight timelines
- Ability to successfully resolve conflicts in a globally matrix driven organization
- Excellent communication and collaboration skills
- Desire to learn about new and emerging technologies and continuous upskilling
- Must be comfortable with navigating ambiguity to extract meaningful risk insights.

Posted 2 months ago

7.0 - 10.0 years

11 - 15 Lacs

Bengaluru

Work from Office

Position Overview: We are seeking a highly experienced and strategic Third-Party Risk Management (TPRM) professional to lead and enhance our enterprise-wide third-party risk program. This role involves overseeing risk assessments, governance, due diligence, monitoring, and issue management for vendors, partners, and service providers across the organization. The ideal candidate will bring 10–12 years of expertise in risk management, information security, compliance, and vendor oversight, with the ability to collaborate across legal, procurement, technology, and business functions to ensure consistent application of third-party risk controls.

Roles and Responsibilities

Key Responsibilities:

- Lead the execution and continuous improvement of the Third-Party Risk Management lifecycle, including onboarding assessments, ongoing monitoring, risk reviews, and exit management.
- Oversee the development and implementation of TPRM policies, frameworks, and procedures, aligned with regulatory standards such as NIST, ISO 27001, SOC 2, GDPR, DORA, and PCI DSS.
- Conduct and review inherent and residual risk assessments for new and existing vendors across multiple risk domains (information security, compliance, financial, operational, etc.).
- Collaborate with procurement, legal, IT, business units, and compliance teams to integrate TPRM into sourcing and contract processes.
- Drive the automation and scalability of the TPRM program through use of GRC platforms (e.g., ServiceNow, Archer, ProcessUnity, OneTrust).
- Manage third-party due diligence questionnaires (DDQs), control gap analysis, and track remediation efforts for identified issues.
- Prepare and deliver executive-level reporting and dashboards related to vendor risk posture, risk acceptance, and compliance status.
- Stay current on emerging regulatory requirements, supply chain risks, and third-party threats to inform program strategy.
- Support internal/external audits and regulatory reviews involving vendor risk management.

Required Qualifications:

- 10–12 years of professional experience in Third-Party Risk Management, IT Risk, InfoSec, Audit, or related GRC functions.
- In-depth understanding of third-party risk domains, including cybersecurity, data privacy, business continuity, and compliance.
- Experience developing or managing TPRM frameworks and governance structures across global enterprises.
- Hands-on experience with TPRM tools such as ServiceNow GRC, Archer, OneTrust, Prevalent, or ProcessUnity.
- Strong knowledge of risk and control frameworks including NIST, ISO 27001, SIG, SOC 2, and GDPR.
- Proven ability to assess and report on third-party risk posture, remediation plans, and contract compliance.
- Excellent written and verbal communication skills with ability to influence technical and non-technical audiences.

Preferred Qualifications:

- Relevant certifications such as CISA, CRISC, CISSP, CTPRA, CTPRP, or ISO 27001 Lead Auditor.
- Experience in regulated industries such as financial services, healthcare, or critical infrastructure.

Posted 2 months ago

4.0 - 7.0 years

6 - 9 Lacs

Mumbai

Work from Office

About BNP Paribas India Solutions: Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union's leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

About BNP Paribas Group: BNP Paribas is the European Union's leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group's commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.

Commitment to Diversity and Inclusion: At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

About Business line/Function: ISPL Conduct & Control team is primarily responsible for proactive management of Operational Risks through a robust control framework, which aids in effective monitoring & reporting of risks. Adopt Risk Based Approach on controls. Understand risks based on past events & proactively implement measures for mitigation wherever possible. Be a Conduct Representative for ISPL.

Job Title: CIB IT OPC Control Analyst
Department: ISPL Conduct & Control
Location: Mumbai
Business Line / Function: IT OPC

Position Purpose

The role is to provide both the Business Units and IT Management with the assurance and visibility that IT Controls are executed in a controlled and managed way. In addition to the specific responsibilities detailed below, the successful candidate will be expected to demonstrate understanding in other areas of Risk & Control Management including strategies surrounding Process Engineering, Configuration Management, Change, Incident & Problem Management, Non-Conformities and Corrective Actions Management, Risk Identification and Control, Project Management and Tools and Methods.

Responsibilities

Direct Responsibilities

- Conduct periodic controls assessments across process areas in scope
- Raise any non-compliance, and follow up of the corrective actions until closure
- Liaise with global and local IT control areas to ensure their certification is timely and appropriate
- Perform periodic Root Cause Analysis of process issues and non-compliances at Project and Application Domain level
- Ensure that the exercise is planned, executed effectively and reported to appropriate level
- Participate in minimising production risks and issues, including but not exclusively, by helping to devise, and by implementing, sufficient regular controls
- Ensure appropriate escalation to management and/or Permanent Control (or Compliance as appropriate) as soon as an issue is identified
- The enforcement of Permanent Controls, providing ongoing risk & controls self-assessment status of the control environment
- Contribute all relevant management information (KPIs/KRIs) to the various scope reports/dashboards
- Assist with Historical Incident management process, including liaising with various stakeholders involved, root cause analysis and impact evaluation

Contributing Responsibilities

- Contribute to the upkeep and maintenance of the ISPL Permanent Control Framework
- Maintaining relevant Operational Permanent Control (OPC IT) processes and procedures

Technical & Behavioral Competencies

- Good knowledge of IT Risk & Audit domain with focus on Internal and/or External Audits
- Good understanding of IT Controls Framework and experience executing controls
- Understanding of IT Software, IT Infrastructure and IT Service Management domain is a value add
- Strong analysis & problem solving skills
- Structured and methodical mindset
- Proactive approach with a strong ability to work on own initiative
- Ownership of work and commitment to delivery
- Can do attitude
- Team oriented (both local and global)
- Good interpersonal and communication skills
- Big picture awareness make relationships between tactical issues and strategic options
- Client focused
- Pragmatic and creative approach

Posted 2 months ago

4.0 - 8.0 years

6 - 10 Lacs

Mumbai, Navi Mumbai

Work from Office

Develop and manage the organization's cybersecurity program strategy, roadmaps, and portfolios. Lead cross-functional initiatives to implement security policies, controls, and tools. Align programs with regulatory, compliance, and industry-standard frameworks (e.g., NIST, ISO 27001, CIS). Manage program lifecycle including planning, execution, monitoring, and reporting. Collaborate with key stakeholders (IT, risk, legal, operations) to ensure program alignment. Provide executive-level reporting and status updates, including risk and performance metrics. Manage security budgets, timelines, resources, and third-party vendors. Facilitate internal and external audits, assessments, and compliance initiatives. Drive security awareness, training, and change management programs. Identify and mitigate risks associated with cybersecurity initiatives.

Posted 2 months ago

3.0 - 8.0 years

20 - 25 Lacs

Bengaluru

Work from Office

Not Applicable Specialism Risk Management Level Associate

& Summary

At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisation's security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure.

& Summary

A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.

- Experience in conducting IT risk assessments.
- Sound understanding of ISO 27001, NIST, PCI, Data Privacy, and Cloud Security.
- Knowledge on application infrastructure architecture.
- Knowledge on SaaS application architecture.
- Knowledge on database and middleware communication.
- Knowledge on API security.
- Good communication skills.
- Good team player.
- Good presentation skills and senior stakeholder management.
- Certifications CISA, CISSP, CCNP, CCSP, CISM, CRISC etc.

Mandatory Skill Sets: IT Risk, ISO 27001, NIST, PCI, Data Privacy, and Cloud Security.

Preferred Skill Sets: Stakeholder Management, Team Management

Years of Experience: 3+ Years

Educational Qualification: BE, B.Tech, M.Tech, MCA, MBA graduates.

Education Degrees/Field of Study required: Bachelor of Technology, Master of Business Administration

Degrees/Field of Study preferred

Required Skills: ISO Certification, NIST Standards

Accepting Feedback, Active Listening, Cloud Security, Communication, Conducting Research, Cyber Defense, Cyber Threat Intelligence, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Malware Analysis, Malware Detection Tools, Malware Intelligence Gathering, Malware Research, Malware Reverse Engineering, Malware Sandboxing

Travel Requirements

Government Clearance Required?

Posted 2 months ago

2.0 - 5.0 years

10 - 15 Lacs

Pune

Work from Office

About the Role: Core Responsibilities: Plan, execute, and report on internal IT audits. Evaluate the effectiveness of IT controls, identify risks, and provide recommendations for improvement. Conduct regular access reviews to ensure that users have appropriate access levels based on their roles. Evaluate the effectiveness of access controls in safeguarding sensitive information. Recommend improvements for identity and access management (IAM) processes. Perform internal risk assessments to identify vulnerabilities and ensure timely mitigation strategies. Work closely with IT, legal, and business teams to address audit findings and track remediation efforts. Preference and Experience: The candidate must have experience in IT auditing, IT risk management, or related fields. Proficiency in compliance with frameworks like ISO 27001, SOC 2, PCI DSS, ITGC, or other relevant standards. Hands-on experience conducting on-site and remote assessments of third-party vendors to evaluate their security posture and related controls. Proficiency in MS Office Suite with experience creating and presenting dashboards and reports. Must be CISA certified. Must have the capability to represent the audit reports to Management. Stay updated on the latest developments in IT audit and compliance practices. Comfortable traveling for on-site visits to the client side for audit purposes.

Posted 2 months ago

7.0 - 12.0 years

30 - 35 Lacs

Bengaluru

Work from Office

Job Title: Risk & Control Specialist, AVP Location: Bangalore, India Role Description Risk, Finance, Treasury (RFT) Technology is the technology partner to the CRO (Chief Risk Office) and CFO (Chief Financial Office) divisions. The Chief Risk Office is responsible for identifying, aggregating, managing and mitigating Financial and Non-Financial risks and includes Market & Valuation Risk Management (MVRM), Credit Risk Management and Non-Financial Risk Management (NFRM). The Chief Finance Office includes Finance and Treasury and is responsible for a broad range of activities designed to ensure the financial and regulatory integrity of the Deutsche Bank Group including official production of PnL, Financial control, Group & Local Financial Reporting, Capital Management, Balance Sheet Management and Planning, and Liquidity & Treasury Reporting and Analysis. RFT Technology supports the definition of the IT strategy and provision of solutions to allow CRO and CFO to manage all aspects of the Risk and Finance processes. Over the last couple of years, the regulatory landscape and associated demand to meet the mandated regulatory standards and reporting expectations has exponentially increased in complexity, requiring Deutsche Bank to significantly invest in its infrastructure and platform capability. The Risk and Control Specialist role supports RFT Technology Management managing all aspects of the Audit lifecycle. This includes (i) ensuring all identified risks (Audit Findings) are proactively managed and closed on time and (ii) identifying and assessing risks and their impact (self identified issues), planning remediation actions, and monitoring and reporting of their progress. The role requires strong stakeholder engagement, including close interaction with the Divisional Risk Leads, Regional leads, 2LoD such as Non-Financial Risk Management (NFRM) and 3LoD Group Audit as well as the group's frontline technology groups. 
This will include Chief Information Officers (CIOs), Development & Infrastructure Leads, Programme managers, Architects, and Production Support areas. This is an exciting opportunity for a high-performing and motivated individual who is looking to contribute to the bank's priority to reduce risk in a sustainable way. What we'll offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Managing findings life-cycle events (e.g. closures, risk downgrades, risk acceptances) with finding owners/ risk leads to ensure they are addressed, appropriately documented within agreed timelines. Collaboration with internal teams to educate and promote Risk and Controls standards, Finding Management Procedure and Central Function checklists to ensure successful handling of life cycle events Understand and advocate DB Policies, Procedures, Controls and standards, Finding Management Procedure and Central Function checklists to ensure successful remediation and handling of life cycle events with stakeholder Coordinate with Portfolio Owners/risk leads for the upcoming audit schedule and request if any potential SIIs are to be raised for the audit scope. Conduct reviews of all Life Cycle Events before submission to CAF (Central Approval Function), assist with edits to improve quality of documentation Participate in Risk and Control meetings with Portfolio owners / CIO-1 to track and review the status of remediation against risk topics Coordination and management with Portfolio Owners/Delegates, Embedded Risk Team (ERT), Control Owners, CAF members & collaboratively work together to ensure Risk is addressed in a sustainable way, be able to troubleshoot to eliminate blockers. Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums. 
Identify and evaluate potential areas of non-compliance or risk, assessing impact, probability and present self-identified findings and proposals for risk mitigation Your skills and experience Overall 8+ years of experience in any of the SDLC/STLC engagement and minimum 2 years on risk and audit related experience in IT Risk. Previous experience with IT risk assessment, audit, controls validation and emerging risk identification. A strong team player who can collaborate with people at all levels in a global matrix organization The ability to manage multiple tasks and efficiently prioritize workload with limited supervision and resilient under pressure. The ability to quickly build a network across RFT and among subject matter experts. Strong analytical and problem-solving skills to evaluate risk Result oriented and ability to deliver under tight timelines. Excellent communication, both written and verbal Desire to learn about new and emerging technologies and continuous upskilling. Must be comfortable with navigating ambiguity to extract meaningful risk insights. Ability to assimilate large quantities of information in short periods of time. How we'll support you . . .

Posted 2 months ago

6.0 - 11.0 years

6 - 11 Lacs

Thane, Maharashtra, India

On-site

Should be able to direct/execute audit project independently (covering planning, fieldwork and reporting stages of audits) Lead a variety of moderately complex to complex IT focused audits including IT governance, service and project delivery, audits of IT technical domains such as networks, infrastructure, and applications. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Planning, conducting walkthroughs, drafting process understanding and relevant controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Documenting and Reviewing Test of Designs and Test of Effectiveness controls. Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., Validations of audit issues. Conducting special reviews. What will you need to know: Desired qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree] Experience: at least 6 to 8 years of IT Audit experience in assessing technology/IT controls and have experience in Internal Audit, Compliance & Risk Advisory services preferably in Banking and Financial services domain. Experience in auditing IT Internal controls, IT risk mitigation and technology related processes reviews. Good experience in IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, drafting skills, communication, and interpersonal skills. 
Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.)

Posted 2 months ago

5.0 - 10.0 years

5 - 10 Lacs

Thane, Maharashtra, India

On-site

- Act as the primary support contact for payment partners (e.g., Payfacs, ISOs). - Handle inquiries related to settlements, transaction statuses, integration, and account settings. - Troubleshoot issues related to transaction processing, reconciliations, chargebacks, and payout delays. - Support partners with onboarding processes, including technical integration (API or host-to-host integrations). - Guide partners through KYC documentation processes and regulatory compliance requirements. - Monitor payment flows and flag any inconsistencies or performance degradation across payment channels. - Deliver periodic performance and transaction reports to partners. - Work closely with product, risk, finance, and engineering teams to enhance partner experience and provide feedback. What you will need to have: - 5+ years of experience in payment operations or financial services. - Strong understanding of payment flows and industry standards (e.g., 3DS, PCI-DSS, chargebacks). - Familiarity with payment gateways, acquiring, issuing, and payment APIs. - Experience with support tools and reporting tools. - Bachelor's degree in a relevant field or an equivalent combination of education, work, and/or military experience. What would be great to have: - 7+ years of relevant experience in payment operations. - Proven track record of managing SLAs and prioritizing tasks. - Ability to stay composed under pressure and manage multiple projects simultaneously. - Excellent communication and problem-solving skills.

Posted 2 months ago

14.0 - 20.0 years

14 - 20 Lacs

Thane, Maharashtra, India

On-site

Provide guidance and direction to the planning process and the execution of fieldwork such as overseeing interviews and walkthroughs, reviewing materials, the design and execution of audit testing, analyzing results, drawing conclusions within the allotted time scheduled. Manage the audit lifecycle, staffing, scheduling, methodology and approach to testing and fieldwork and finally, the quality and timeliness of all work products you oversee. You will be expected to provide weekly, monthly, or periodic status reporting and work with the CAAS leadership team to ensure the appropriate allocation and assignment of resources. Assist the Audit Director in the development and mentoring of Senior and Staff Auditors by providing regular and timely feedback regarding their execution of tasks performed during each audit engagement and their overall performance. What you will need to have: 7+ years of audit experience applying Auditing principles, methodology and standards in a risk-based environment across a variety of audit areas at varying degrees of complexity 5+ years of financial services industry experience and/or experience working in a public accounting firm 2+ years of experience managing other professionals Active professional Audit certification such as CPA, CIA, CISA, CFE Bachelor's degree or an equivalent combination of education, work, and/or military experience What would be great to have: Experience working with risk assessment methodologies, control activities, control monitoring, control evaluations and measurement of control effectiveness in accordance with regulatory compliance requirements such as corporate governance, consumer protection, AML/CTF and Financial Crimes, data protection/data privacy, ethics or conduct risk Important info about this role: We're better together. This role is fully on-site. This is a full-time, direct-hire position, and no contract options for unsolicited agency submissions will be considered.

Posted 2 months ago

6.0 - 11.0 years

10 - 11 Lacs

Thane, Maharashtra, India

On-site

Should be able to direct/execute audit project independently (covering planning, fieldwork and reporting stages of audits) Lead a variety of moderately complex to complex IT focused audits including IT governance, service and project delivery, audits of IT technical domains such as networks, infrastructure, and applications. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Planning, conducting walkthroughs, drafting process understanding and relevant controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Documenting and Reviewing Test of Designs and Test of Effectiveness controls. Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., Validations of audit issues. Conducting special reviews. What will you need to know: Desired qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree] Experience: at least 6 to 8 years of IT Audit experience in assessing technology/IT controls and have experience in Internal Audit, Compliance & Risk Advisory services preferably in Banking and Financial services domain. Experience in auditing IT Internal controls, IT risk mitigation and technology related processes reviews. Good experience in IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, drafting skills, communication, and interpersonal skills. 
Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.)

Posted 2 months ago

10.0 - 16.0 years

10 - 13 Lacs

Thane, Maharashtra, India

On-site

Project Management Working as a team leader & resource management. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Conduct comprehensive Cyber and Technology controls audits, IT General controls (ITGC) audits. Planning, conducting technology domain/controls related walkthroughs, drafting, and reviewing process understanding and its controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Reviewing Test of Designs and Test of Effectiveness controls Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Validations of audit issues. Conducting special reviews / investigations. Carrying out audit planning including scheduling and resource allocation Conducting discussions with Management representatives on the audit observations/ findings and preparation of Audit Committee Submissions. Conducting internal staff trainings Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., What will you need to know: Experience: At least 5 years of managerial experience (overall 10 years of IT Audit experience) in the areas of IT Internal Audit, ITGC, Cyber security, Infrastructure/Network, Compliance & Risk Advisory services preferably in Banking and Financial services domain. Should possess strong understanding, capability and skillsets in auditing IT controls, IT risk mitigation and technology related processes reviews. 
Should be proficient and have good knowledge in testing IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, team management and drafting skills. Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.)

Posted 2 months ago

10.0 - 16.0 years

18 - 30 Lacs

Thane, Navi Mumbai, Mumbai (All Areas)

Work from Office

Job Posting Title: Internal Audit IT Location: Thane What does a successful Internal Audit IT do at FISERV? Efficiently manage and conduct the audit projects as per The Institute of Internal Auditors standards and in accordance with Fiserv global Internal Audit framework and methodologies. What will you do: Project Management Working as a team leader & resource management. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Conduct comprehensive Cyber and Technology controls audits, IT General controls (ITGC) audits. Planning, conducting technology domain/controls related walkthroughs, drafting, and reviewing process understanding and its controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Reviewing Test of Designs and Test of Effectiveness controls Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Validations of audit issues. Conducting special reviews / investigations. Carrying out audit planning including scheduling and resource allocation Conducting discussions with Management representatives on the audit observations/ findings and preparation of Audit Committee Submissions. Conducting internal staff trainings Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., What will you need to know: Experience: At least 5 years of managerial experience (overall 10 years of IT Audit experience) in the areas of IT Internal Audit, ITGC, Cyber security, Infrastructure/Network, Compliance & Risk Advisory services preferably in Banking and Financial services domain. 
Should possess strong understanding, capability and skillsets in auditing IT controls, IT risk mitigation and technology related processes reviews. Should be proficient and have good knowledge in testing IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, team management and drafting skills. Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.) What would be great to have: Desired certifications: CISA / CISSP / CISM / CCNA certified professionals Qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree]

Posted 2 months ago

15.0 - 18.0 years

20 - 25 Lacs

Noida

Work from Office

We are seeking an experienced Senior Information Security Manager to lead our security initiatives and ensure the integrity, confidentiality, and availability of our systems and data. This role is crucial in safeguarding our digital assets and maintaining compliance with industry standards. 1. Should take care of Infosec functions by coordinating with various stakeholders 2. Lead and manage Vulnerability Assessment (VA) and Penetration Testing (PT) programs end to end. 3. Should have technical hands-on knowledge on different VAPT tools, like Qualys, Tenable, BurpSuite, Checkmarx etc. 4. Ensure all cyber security compliance directions issued from time to time by the regulator 5. Coordination with SOC, Technology team to follow up the incidents till closure 6. Follow escalation matrix for delayed issues 7. Assist in Internal and External Audits (Regulatory) and work towards closure of observations if any 8. Should have project management exposure, to run the security PMO for ensuring the multiple initiatives with internal / external teams, vendors, and regulators. 9. Prepare and review new/existing policies, procedures, and secure configuration/hardening documents. 10. Should possess technical skills and knowledge to handle/manage security solutions if required 11. Exposure to Cloud Environment 12. Knowledge of Application Security is a plus. Qualifications and Experience: 1. 15-18 years of experience in security management. 2. Strong understanding of security best practices, frameworks, and security technologies. 3. Proven experience in managing VA, PT, Patch Management, and Audit processes. 4. Familiarity with regulatory requirements and compliance standards (e.g., RBI, SEBI). 5. Demonstrated experience in project management, including planning, execution, and stakeholder management. 6. Excellent communication, interpersonal, and leadership skills. 7. Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. 
Master's degree or relevant certifications preferred.

Posted 2 months ago

6.0 - 11.0 years

19 - 25 Lacs

Bengaluru

Work from Office

About Us: Paytm Money is a leading digital investment platform dedicated to providing secure and innovative financial solutions to our users. We prioritize the protection of our customers' data and assets through robust security practices. Role Overview: We are seeking an experienced Information Security Manager to lead our security initiatives and ensure the integrity, confidentiality, and availability of our systems and data. This role is crucial in safeguarding our digital assets and maintaining compliance with industry standards. 1. Should take care of Infosec functions by coordinating with various stakeholders 2. Drive VAPT activity end to end 3. Attend all cyber security compliance directions issued from time to time by the regulator 4. Coordination with SOC & CISO team to follow up the incidents till closure 5. Follow escalation matrix for delayed issues 6. Assist in Internal and External Audits (Regulatory) and work towards closure of observations if any 7. Prepare and review new/existing policies, procedures 8. Should possess technical skills and knowledge to handle/manage security solutions if required 9. Exposure to Cloud Environment 10. Knowledge of Application Security is a plus. Qualifications: * Experience: 7+ years of experience in information security or related fields, with a proven track record in managing security programs. * Technical Skills: Strong understanding of security frameworks, tools, and technologies, including firewalls, intrusion detection systems, and encryption. * Certifications: Relevant security certifications such as CISSP, CISM, or equivalent are highly desirable. * Analytical Skills: Excellent analytical and problem-solving skills to assess complex security issues and develop effective solutions. * Communication: Strong communication skills to effectively convey security concepts and collaborate with cross-functional teams. * Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. 
Master's degree or relevant certifications preferred. What We Offer: A dynamic and innovative work environment. Opportunity to make a significant impact on the security landscape of a leading fintech platform. Competitive salary and comprehensive benefits package.

Posted 2 months ago

15.0 - 20.0 years

15 - 20 Lacs

Bengaluru, Karnataka, India

On-site

We are seeking an experienced Director of Cyber Defense to lead and enhance our organization's cybersecurity capabilities. This role is responsible for overseeing the Security Operations Centre (SOC), Attack Surface Management, Incident Response and Crisis Management, and Dark Web Monitoring. The ideal candidate must have solid Cyber Defense practitioner experience and a proven track record of 15+ years in Cyber Security, with 5+ years leading cybersecurity teams and driving strategic security initiatives. Key Responsibilities Lead and mature the 24/7 Security Operations Centre (SOC) to detect, analyze, and respond to cyber threats in real-time. Establish playbooks, escalation procedures, and cross-functional coordination for handling critical security incidents. Dive deep into technical aspects of escalated incidents, in partnership with other Cyber Defense leads and cross functional peers Direct Incident Response (IR) and Crisis Management efforts, ensuring rapid containment, mitigation, and recovery from cyber incidents. Lead forensic investigations and post-incident reviews to improve security posture and prevent recurrence. Oversee Attack Surface Management to continuously assess, monitor, and reduce the organization's exposure to cyber risks. Oversee Dark Web Monitoring initiatives to identify and assess leaked credentials, insider threats, and external attack indicators. Collaborate with Threat Intelligence teams to track adversary tactics, techniques, and procedures (TTPs). Develop and execute a Cyber Defense strategy, aligning security operations with business objectives. Manage, mentor, and grow a team of cybersecurity professionals across SOC and Cyber Defense functions. Partner with IT, Risk, Legal, and Compliance teams to ensure alignment with security frameworks and regulations. Present key cyber risk metrics, threat trends, and program updates to executive leadership. 
Qualifications Experience 15+ years of overall experience including 5+ years leading cybersecurity teams in SOC and/or Cyber Defense Strong leadership and crisis management skills with experience handling major security incidents and executive-level communications. Deep expertise in MITRE ATT&CK, threat intelligence frameworks, adversary emulation, and digital forensics. Proficiency working with cloud service providers such as AWS, Azure, GCP and must be able to demonstrate ability to effectively conduct IR on incidents within these cloud environments Proficiency in SIEM, SOAR, EDR/XDR Experience implementing cyber defense strategies in large-scale enterprise environments. Familiarity with regulatory requirements and compliance frameworks (NIST, CIS, ISO 27001, GDPR, etc). Strong knowledge of offensive security techniques and how to defend against them. Preferred Certifications CISSP, CISM, GIAC (GCTI, GCIH, GCFA, GNFA, GDAT), CCSP, or equivalent. AWS/Azure/GCP Security certifications are a plus

Posted 2 months ago

4.0 - 6.0 years

10 - 14 Lacs

Pune

Work from Office

Cyber & Information Security team is seeking a Third-Party Security Analyst. Reporting to the Director of Cyber & Information Security, the analyst will perform third-party security assessments. You will work with a team of professional Security Analysts leveraging Next Gen security tools to perform the full lifecycle of third-party reviews from onboarding to real-time monitoring of vendors and suppliers. Responsibilities, Functions and Duties : - Conduct technical security assessments of third-party vendors, suppliers and partners by reviewing their security controls, adherence to regulations, compliance and contracts. - Analyze third-party security assessment findings and document security risks within the management software for tracking of risk reporting. - Coordinate with various stakeholders to verify and remediate security risk findings. - Develop KRIs and KPIs around third-party risk assessments and the remediation of key findings. - Develop, Update, and Publish Policies and Standard Operating Procedures for third-party risk management. - Continuously monitor for active vulnerabilities and cyber events against our vendors and suppliers. - Participate in third-party cyber incident response by reaching out to impacted vendors and tracking remediation. - Be an ambassador for Cyber & Information Security within Crum & Forster. Requirements Knowledge and Requirements : - Previous experience performing technical security audits or third-party assessments. - Understanding of current Cyber Vulnerabilities & threats. - Knowledge of security assessments (SOC reports, ISO/NIST, vulnerability and pen testing assessments). - Fundamental understanding of system and network security principles and technology. - Ability to interface with a wide audience of technical and non-technical personnel. - Ability to prioritize and manage workloads and deadlines. - Excellent written and verbal communication skills. 
- Self-starter who is motivated and driven to learn. - Bachelor's degree in a technical discipline or equivalent experience Preferred Qualifications : - Prior experience and/or certifications in AWS, Azure, and/or GCP. - Experience in performing third-party assessments of SaaS providers and vendors operating in cloud environments. - Experience performing risk assessments. - Any Security focused Certifications. - 3-5 years Cybersecurity related experience.

Posted 2 months ago

5.0 - 10.0 years

13 - 18 Lacs

Bengaluru

Work from Office

Information Security Governance Risk and Compliance Associate Manager Job Type: Full Time Reports to: Director of Information Security & IT Governance POSITION OVERVIEW This Information Security GRC Expert Associate Manager contributes to Morae's success by implementing, and maintaining people, process and technology-oriented policies, procedures, and controls to ensure ongoing security and compliance of Morae's innovative technology solutions and information assets. As part of a highly skilled Information Security team, the role will focus on all areas of information security governance, risk, and compliance for both our corporate IT environment as well as our innovative client technology solutions serving some of the world's largest corporations. The role will concentrate on maintaining both technology and procedural aspects of our ISO27001 and SOC 2 Type II Regimes, Client Security Compliance, Third Party Risk Management, and Staff Security Awareness efforts. In addition, the role will contribute to defining and developing both process and toolsets for Data Classification, Data Loss Prevention, Data Privacy and Data Segregation in our environments. Working closely with the Director of Information Security, global security operations and wider technology teams, the GRC Associate Manager will contribute to development and review of Global Information Security Strategy, IT Risk Registers and support the work of Risk Management Committee. The GRC Associate Manager will be coaching and developing junior members of Information Security GRC team. We are looking for a strong Information Security expert ready to develop both their technical and GRC skillset to step up their career onto strategic management level. KEY RESPONSIBILITIES: Contribute to maintenance and development of information security systems, policies and procedures through implementation and maintenance of policies and identification of gaps or non-compliance. 
Assist with the development, implementation, and improvement of the Morae Global technical security processes. Ensuring Morae Global policies, applicable standards, customer requirements and best practices are being followed. Supporting the delivery of information security projects and initiatives. Represent Morae Global in a professional and productive way while delivering the best in service to our clients and during interactions with both clients and suppliers. Supporting the wider information security and technology team on providing a responsive and pragmatic approach to day-to-day security issues and broader strategic initiatives Ensure security documents are controlled, reviewed, and updated in line with various contractual and regulatory requirements. Develop and lead global information security awareness activities. Deliver related security communication across the organisation as required. Capturing evidence to support audit and compliance requirements. Provide support in responding to client security requests and client assurance assessments and audits. Refine and maintain security dashboards and reports to support the production of security metrics and quarterly security reporting. Initiate continuous improvement ideas and suggestions to increase efficiencies. Actively participate in wider, internal, and external information security initiatives. SKILLS/EXPERIENCE: Bachelor's degree and 5+ years of experience of working with security, privacy and legal in a regulated environment. Manage relationships with senior stakeholders in support of technology. Demonstrable experience of implementing ISO27001 and SOC 2 Type II Security compliance frameworks. Demonstrable experience and knowledge of Data Governance, Data Classification, Data Loss Prevention technical and process implementations. Experience in Data Privacy Regulatory Compliance implementations GDPR, POPI, DPDP. Excellent English language written and verbal communication skills. 
Ability to write clear and concise policy documentation. Strong communication and presentation skills. Collaboration and conflict management skills. Experience in legal sector, eDiscovery and Document Management architecture would be advantageous. Understanding of IT systems and security tools, including methods, procedures, equipment, and software used for delivery. Planning, and strategic management skills. Why Morae? Morae s approach to employee development is unique in the marketplace. At Morae employees are given opportunities to progress at their own pace and to influence the course of their professional growth. This includes having the opportunity to earn a client facing role or even an oversight role within their first year! About Morae: Morae is a dynamic, high-growth organization that provides an integrated suite of solutions to corporate law departments and law firms, and partners with leading software and services providers, both within and outside the legal industry. We are a young company but are made up of seasoned professionals in the legal industry, with a focus on building productive long-term relationships with employees and clients in an environment where collaboration is encouraged, knowledge is shared freely, and diversity of thought, cultures, communities, and points of view is embraced. Our team has the vision to create an effective solution for any business problem and the experience to execute that vision. Learn more at moraeglobal.com. Our privacy policy can be found here https: / / www.moraeglobal.com / privacy-policy .

Posted 2 months ago


8.0 - 13.0 years

0 - 3 Lacs

Navi Mumbai

Work from Office

We are looking for an experienced governance professional in our Information Technology Team.

JOB ROLE

The IT Governance specialist is responsible for ensuring the effective management and oversight of IT systems, services, and processes within the organization. This includes developing, implementing, and maintaining IT governance frameworks, policies, and procedures to ensure alignment with industry best practices, regulatory requirements, and organizational objectives. The highlight of this role is to ensure governance across various areas of IT functions, e.g. Information Security compliance, Change management, Agreement Tracking, Incident Management, Software License Management, BCP/DR, Obsolescence Tracking, etc.

KEY RESPONSIBILITIES

Information security and compliance
Develop and maintain IT Governance frameworks, policies and procedures
1. Ensure compliance with relevant laws, regulations, and industry standards (e.g. COBIT, ITIL, ISO 27001, ISO 22301, etc.)
2. Conduct risk assessment and develop mitigation plans to ensure IT Systems and services are secure and resilient.
3. Monitor and report on IT governance metrics
4. Facilitate internal audits and external assessments (e.g. ISO 27001, ISO 22301, etc.)
5. Stay up-to-date with emerging trends and best practices in IT governance.

Change Management
1. Manage and coordinate changes through the entire change lifecycle (assessment, planning, implementation, and review)
2. Ensure changes are properly assessed, approved, and prioritized before implementation
3. Develop and maintain change management policies, procedures, and documentation.
4. Communicate changes to stakeholders, including IT staff, management and end-users.
5. Ensure changes comply with organizational policies, procedures, and regulatory requirements.
6. Collaborate with IT teams, stakeholders, and vendors to ensure smooth implementation of changes.
7. Develop and maintain change management metrics and reports to measure performance and identify areas of improvement

Agreement Tracking
1. Maintain centralized repository of agreements, contracts, and licenses
2. Track and monitor agreement renewals, expirations, and terminations
3. Ensure accurate and up-to-date records, including agreement terms, conditions, and obligations.
4. Provide regular reports and insights to stakeholders on agreement status and performance.
5. Identify and alert stakeholders to potential risks, opportunities, and compliance issues.
6. Collaborate with legal, finance and business teams to ensure agreement alignment and compliance
7. Develop and implement agreement tracking processes and procedures.
8. Ensure compliance with organizational policies, legal requirements, and regulatory standards.
9. Conduct regular audits and quality assurance checks on agreement records.

Incident Management
1. Lead the response to critical incidents, ensure effective coordination and communication among all stakeholders, and drive the incident call, providing clear direction and updates to all involved parties.
2. Collaborate with IT teams, business units and external vendors to troubleshoot incidents.
3. Document all incident details, actions taken and resolution in the incident management system and maintain the tracker.
4. Conduct root cause analysis for critical incidents and ensure that corrective actions are implemented to prevent recurrence.
5. Prepare the monthly and weekly reports and share them with senior management and the Internal Audit team.

Software License Management
1. Manage software licenses and ensure compliance with licensing agreements.
2. Track and monitor software usage, identifying areas of inefficiency and waste.
3. Develop and implement strategies to optimize license utilization.
4. Conduct regular audits to ensure software compliance and minimize risk.
5. Collaborate with IT teams to ensure software deployments align with licensing agreements.
6. Collaborate with finance teams to ensure accurate budgeting and forecasting for software licensing.

Business Continuity and Disaster Recovery
1. Develop and maintain business continuity and disaster recovery plans.
2. Develop and maintain BCP/DR calendar, collaborate with cross-functional teams to ensure alignment.
3. Develop and maintain crisis communication plans and protocols.
4. Continuously monitor and update plans to ensure relevance and effectiveness

Obsolescence Tracking
Maintain a database of components and products with potential obsolescence risks.
Collaborate with cross-functional teams to develop and implement obsolescence management strategies
Provide regular reports and updates to stakeholders on obsolescence risks and mitigation efforts.
Develop and implement processes and procedures for obsolescence tracking and management.
Collaborate with design and engineering teams to ensure design-for-obsolescence considerations

MANDATORY SKILLS REQUIRED

Bachelor's degree in Computer Science, Information Technology, or related field.
Strong understanding of IT governance frameworks, standards, and best practices.
Ability to work with complex data and provide actionable insights.
Ability to analyze complex technical and business issues and develop effective solutions.

DESIRABLE SKILLS

Strong understanding of supply chain management, or a related field.
Professional certifications (e.g. CISA, CISM, CISSP, COBIT).
Experience with change management tools and software (e.g., ServiceNow, JIRA, etc.)
Experience with data analysis and reporting tools (e.g. Excel, Tableau, etc.)

Posted 2 months ago


6.0 - 11.0 years

6 - 11 Lacs

Mumbai, Maharashtra, India

On-site

The first line Tech Risk function for business divisions CB, IB and Ops at Deutsche Bank sits within the Divisional Control Office. CB and IB front-to-back have the largest footprint as a risk bearing function within the banking divisions, and you will be part of a dynamic team which is consistently in demand for providing insights, assessments and managing Information Technology (IT) and Information Systems (IS) risks on behalf of the business.

The Divisional Control Office (DCO) team ensures that the division operates with high levels of integrity. It is responsible for supporting the business by developing, implementing and maintaining a risk culture to ensure a strong and sustainable business control environment whilst minimizing risk arising from non-financial risk factors. DCO strategy includes improving the risk management information and strengthening the governance and risk culture, and the team has a functional responsibility for providing a central point of oversight over the Risk & Control Assessments (RCA). This includes supporting the business by driving Risk & Control Assessment specifically focusing on Information Security (IS) / Information Technology (IT) risks in line with NFRM (2LOD) guidelines. RCA is a key component of the bank's non-financial risk management toolkit, to enable the effective profiling, monitoring and management of operational risks.

As part of the team, you will join the Bank's journey and contribute towards our strategic goal of managing technology risk within appetite whilst enabling adoption of emerging and new technologies for business growth. This role will specifically perform RCAs as related to the IB business. Knowledge of IB products/operations is a big plus.

Your key responsibilities

Collaborate with businesses and support them in conducting Risk & Control Assessments as per NFRM guidelines specifically focusing on Information Security (IS) / Information Technology (IT) risks
Analyze contextual data and relevant data triggers and determine or update risk profile, inherent risk, control environment and residual risk ratings along with supporting rationale, liaising with Risk Types SMEs in their business
Ability to assess impact of control environment on inherent risk along with documentation of qualitative assessment
Participate in 1LoD-led RCA meetings for business to drive the risk discussions, focusing on key or emerging risks that may impact the business
Coordinate with businesses/2LoD and assist in 2LoD challenges
Prepare RCA reports and obtain business sign-offs
Document risk mitigation decisions, if required, with consideration of risk appetite
Deliver high quality Global Governance decks and reporting trends to support senior management

Your skills and experience

CISA/CRISC or relevant security qualifications with experience of Risk & Controls and/or Internal Audit in banking industry covering Information Security (IS) / Information Technology (IT) risks
Experience in SOX/ISO27001 control framework
Knowledge related to risk management (including conducting Risk & Control Assessments) and corporate banking products, processes and systems preferred, specifically focusing on Information Security (IS) / Information Technology (IT) risks
Proven people management skills with ability to lead activities independently
Strong quantitative and analytical skills required to critically evaluate information for key risk assessments
Strong project management skills and a proactive team partner
Influencing, negotiation skills and stakeholder management expertise
Strong verbal and written communication skills
Proficiency with automating tasks in Excel to improve efficiency a plus, but not mandatory

Posted 2 months ago


5.0 - 7.0 years

7 - 9 Lacs

Bengaluru

Work from Office

RARR Technologies is looking for Controls Advisory - IT Risk - Assistant Manager to join our dynamic team and embark on a rewarding career journey. The Assistant Manager in Controls Advisory - IT Risk is responsible for leading and executing IT risk assessments, identifying vulnerabilities, and developing mitigation strategies to safeguard organizational assets. They oversee the implementation of IT controls aligned with regulatory standards and industry best practices, ensuring compliance across all technology domains. The role involves conducting detailed risk analyses, reviewing system and process controls, and advising senior management on potential threats and control deficiencies. They coordinate with internal audit teams to facilitate audits and remediate findings. Additionally, they develop and maintain frameworks for continuous monitoring of IT risks, foster awareness of IT risk management policies across departments, and stay updated on emerging threats and regulatory changes impacting IT security and controls. The position requires strong analytical skills, leadership capabilities, and a comprehensive understanding of IT governance, cybersecurity, and risk management principles to ensure the organization maintains a resilient and secure technology environment.

Posted 2 months ago


5.0 - 10.0 years

7 - 12 Lacs

Mumbai

Work from Office

The role is to provide both the Business Units and IT Management with the assurance and visibility that IT Controls are executed in a controlled and managed way. In addition to the specific responsibilities detailed below, the successful candidate will be expected to demonstrate understanding in other areas of Risk & Control Management including strategies surrounding Process Engineering, Configuration Management, Change, Incident & Problem Management, Non-Conformities and Corrective Actions Management, Risk Identification and Control, Project Management and Tools and Methods.

Responsibilities

Direct Responsibilities

Conduct periodic controls assessments across process areas in scope.
Raise any non-compliance, and follow up on the corrective actions until closure.
Liaise with global and local IT control areas to ensure their certification is timely and appropriate.
Perform periodic Root Cause Analysis of process issues and non-compliances at Project and Application Domain level.
Ensure that the exercise is planned, executed effectively and reported to the appropriate level.
Participate in minimising production risks and issues, including but not exclusively, by helping to devise, and by implementing, sufficient regular controls.
Ensure appropriate escalation to management and/or Permanent Control (or Compliance as appropriate) as soon as an issue is identified.
The enforcement of Permanent Controls, providing ongoing risk & controls self-assessment status of the control environment.
Contribute all relevant management information (KPIs/KRIs) to the various scope reports/dashboards.
Assist with Historical Incident management process, including liaising with various stakeholders involved, root cause analysis and impact evaluation.

Contributing Responsibilities

Contribute to the upkeep and maintenance of the ISPL Permanent Control Framework
Maintaining relevant Operational Permanent Control (OPC IT) processes and procedures

Technical & Behavioral Competencies

Good knowledge of IT Risk & Audit domain with focus on Internal and/or External Audits.
Good understanding of IT Controls Framework and experience executing controls.
Understanding of IT Software, IT Infrastructure and IT Service Management domain is a value add.
Strong analysis & problem solving skills
Structured and methodical mindset
Proactive approach with a strong ability to work on own initiative
Ownership of work and commitment to delivery
Can-do attitude
Team oriented (both local and global)
Good interpersonal and communication skills
Big picture awareness: make relationships between tactical issues and strategic options
Client focused
Pragmatic and creative approach

Specific Qualifications (if required)

Skills Referential

Behavioural Skills: (Please select up to 4 skills)
Attention to detail / rigor
Communication skills - oral & written
Personal Impact / Ability to influence
Critical thinking

Transversal Skills: (Please select up to 5 skills)
Analytical Ability
Ability to manage / facilitate a meeting, seminar, committee, training
Ability to understand, explain and support change
Ability to develop and leverage networks
Ability to develop and adapt a process

Education Level: Bachelor Degree or equivalent
Experience Level: At least 5 years
Other/Specific Qualifications (if required): None

Posted 2 months ago
