297 It Risk Jobs - Page 8

Some careers open more doors than others. If you re looking for a career that will unlock new opportunities, join HSBC and experience the possibilities. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. Our GCIO organisation plays a critical role for the bank. This team partners with the businesses to build the platforms, systems, and products that our customers use every day. We keep people s money and data safe, and are at the forefront of driving innovation for our businesses, customers, and colleagues. Principal Responsibilities The IT Risk and Control Manager is to manage the assessments by working with IT teams to ensure accurate and quality information is provided to the Regulators. Manage relationship with CIOs / CISO/ Heads of IT. Function as Risk Point of Contact for CIO , COO, Internal and External Auditors Drive Audit and regulatory planning and execution Liaison with 2nd and 3rd line of defence including IT Security, Operational Risk, Compliance, CISO, Internal Audit etc Drive standardization of collaboration model among IT and Chief Control Office Drive governance and reporting standards. Manage thematic reviews / investigations / compliance reviews in response to internal or external events Engage with the business to identify, measure, mitigate, monitor, and report risk Drive issues and actions management along with remediation activities Improve existing audit planning and execution processes and reporting Improve existing issues and actions mgmt. processes and reporting Perform thematic reviews / investigations / compliance reviews in response to internal or external events To continually re-assess the operational risks inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures, management restructures, and the impact of new technology. Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators. Understands, follows and demonstrates compliance with all relevant internal and external rules, regulations and procedures that apply to the conduct of the business in which the jobholder is involved, specifically Internal Controls and any Compliance policy including, inter alia, the Group Compliance policy. Requirements Engineering Background preferrable 7-8+ years of work experience related to the banking and financial services organization Relevant experience in managing IT risk function Relevant experience in managing audits and facing off the regulators Strong communication, negotiation / influencing and presentation skills Ability to handle crisis situations and take appropriate / timely decisions Ability to work well under pressure with high degree of accuracy Self-driven Overall IT experience across all domains Experience of working within a matrix environment preferred Excellent communication and inter-personal skills, with experience of dealing with executives at all levels Strong team working ethic- actively contributes to the team, leading by example. Helps to maintain a co-operative, conscientious and customer focused environment Self-Motivated and having the ability to work in a highly challenging environment

Audit helps the Board and Executive Management meet the strategic and operational objectives of the DBS Group. We conduct independent checks to ensure that the Group s risk and control processes are adequate and effective. All our team members are highly sought-after professionals who work as trusted advisors to our clients, in all matters related to a company s internal controls. Responsibilities Conduct end-to-end audits of Global Transactions Services (Trade, Cash & Securities and Fiduciary Services) risk, product and processes. Evaluate the design and operating effectiveness of processes and controls and develop appropriate tests to be conducted and ascertain the level of testing of controls required Effective execution audit fieldwork for assigned areas in depth testing, data analytics where applicable Escalate issues appropriately and timely. Ensure concise and clear audit findings and reports are presented on a timely basis. Keep abreast on the development of regulatory, industry and product development through continuous monitoring and auditing. Requirements At least 6 years of relevant auditing experience in Payments, Trade and Custody business &operations and/or with relevant GTS (Trade & Cash) product and operations experience. Strong knowledge on transaction banking products (cash management, trade finance and securities and fiduciary services), and the related operations, regulatory requirements and compliance practices (including FEMA and AML) Reasonable knowledge in Corporate Banking application controls is required. Candidate that can demonstrate auditing knowledge in Corporate banking context will be an added advantage. Should be IT savvy - Knowledge of APIs and data analytics, experience of risk-based auditing and clearly understand the relationship between IT risk and underlying business risk would be beneficial. Candidate must have excellent written and verbal communication skills in English, can communicate with clarity, both orally and in writing, in a logical order and with a structured approach. Ability to multi-task assignments, prioritize workload with limited supervision and be resilient under pressure when faced with tight deadlines. Auditing, Global Transaction Services Cash & Trade KYC/AML Credit Working knowledge of core banking (e.g. Finacle), SWIFT and Digital payment systems will be preferred. CA/MBA (or equivalent) from an accredited college or university (or equivalent) Professional/industry recognized qualifications e.g. ACAMS, CDCS, CFE are highly beneficial.

Position Purpose Located within the RISK Function of BNP Paribas (BNPP), the role of the Data Protection Correspondent (DPC) is to ensure that the components of the operational risk management framework are implemented and operating effectively within ISPL, and to provide RISK ORM management and Business senior management with relevant, synthetic, transparent, exhaustive and consistent information and a front-to-back view of operational risk across ISPL activities. To achieve this objective, this 2nd line of defense (LOD2) role works closely with RISK ORM Regional and Central teams and with ISPL management and stakeholders. The DPC provides expertise on personal data protection related topics in accordance with the relevant RACI. India DPC must assist India Data Protection Officer (DPO) in supervising the compliance of projects and with legal and regulatory personal data protection requirements throughout the APAC region as well as the Groups and APAC personal data protection policies. RISK ORM ISPL mandate is to independently challenge and supervise the operational risk management framework of ISPL activities as described in level 2 procedure Organizational framework and governance for Operational Risk Management & Permanent Control Framework. This includes control framework adequacy checks, independent challenge, proximity with the business and contribution to the sign-off process on key decisions. The DPC is to ensure second level controls by providing the required supervision and assistance to the 1st Line of Defense Due to the global and regional models applied by the BNP Paribas (BNPP) activities outsourced to ISPL, the role covers the contribution as well to reviews, control testing, analysis and reports carried out under the supervision of the APAC DPO Regional teams. Responsibilities Direct Responsibilities To contribute to relevant personal data protection activities realization To guarantee required norms and methods definition and application to a companys good data protection risks apprehension (follow-up of projects, information systems adaptation, declarations conception and maintenance, subcontractors contracts analysis, follow-up on control plans reporting, etc.) To guarantee advice and assistance to strategical program ongoing. To support the implementation of the privacy strategy defined by DPO To assist the DPO in the supervision and monitoring of implementation of the Group's Data Protection policies and guidelines, bearing the local regulatory requirements in mind, to ensure consistency To define action plans and corrections related, and to ensure application of the same To alert DPO when activity is under operational risk (non-appropriateness between needs and resources, etc.), to propose correction solutions and to implement those solutions To contribute to continuous efficiency improvement and to any optimization process. To contribute to operational collaborative activities To support and assist APAC DPO team for control campaigns, typical DPO and RISK ORM activities in BAU (e.g. RCSA check & challenge, data breach assessments, project and third-party risk assessment support see below), but also in case of emergencies and escalated issues To contribute to permanent control actions To contribute to perform LOD2 controls and challenge LOD1 To contribute to perform the check and challenge of the RCSA To contribute to RISK ID exercise To contribute to OR&C report To ensure professional network development To participate in local Data Protection Committees when requested by the DPO To contribute to Internal Control Committee To collaborate with local CROs and RISK teams Contributing Responsibilities To assist the DPO on exchanges with the authorities in charge of the protection of personal data under the responsibility of the DPO To assist the DPO in the supervision and implementation of Privacy by Design principles throughout the lifecycle of all projects, activities, products, services, processes and systems To contribute to role development by validating data protection requirements for new activities, new products, services or specific operations, and to carry technical assistance To receive, process and advise internal and external local solicitations about data protection To receive, process and advise requests from data subjects, subcontractors and partners etc. To itemize existing processes and identify breaches regarding data protection requirements using your broad knowledge on APAC-wide local regulation (at minimum: Indias new DPDPA & GDPR requirements To contribute to perform risk assessment on personal data breaches To assist the DPO in monitoring documentation, e.g. the RoPA (Register of Processing Activities) To contribute to the identification and notification process for data protection violations according to defined procedures and local legal requirements To realize effectiveness for data protection controls and to ensure expected reporting To ensure regular reporting to DPO about the activity To contribute to the creation and implementation of awareness programs and to the promotion of a culture of protection of personal data within the scope of responsibility. * DPO may refer to India DPO or APAC DPO or Business Line DPO as the case may be reflecting a matrix organization while maintaining a direct reporting to the India DPO Technical & Behavioral Competencies Knowledge (Required to exercise the position) Level * To know standards and norms about data protection 1 Know-how (implementation of technics, methods, tools to achieve activities) Level * Technics To know how to assess maturity level of the existing facility about Data Privacy 1 Transverse To have a professional face-to-face or phone discussion with an overseas colleague 1 To prioritize 1 To efficiently manage several topics at the same time 1 To issue advice / recommendation considering every parameter 1 To have an efficient speaking communication 1 Tools To work with BNP Paribas tools (e.g. Data Protection Hub, RISK360) 2 Behavioral and soft skills To efficiently multi-task with topics and maintain attention to detail / rigor 1 To issue advice / recommendation considering all parameters 1 To have efficient communication skills (oral & written) 1 To conceptualize / formalize an idea, a process or a project 2 To work as a team / transversally 1 To identify and analyse risks for the activities that are handled 1 To assess, issue an opinion 1 To deploy a strategy and to define an action plan 2 To animate resources and coordinate their intervention 1 To show diplomacy to allow a message to be heard 1 To show conviction, to generate interlocutors acceptance 1 Being able to anticipate and come up with ideas 2 Creativity and innovation 2 To show discretion about delicate and / or confidential topics 1 Ability to manage conflict 2 To integrate multicultural dimension 1 * Level: Level 1: Deep Level 2: Intermediary Level 3: Basic Specific Qualifications Legal background with IAPP Certification (CIPP/E) or equivalent Skills Referential Behavioural Skills : (Please select up to 4 skills) Communication skills - oral & written Attention to detail / rigor Creativity & Innovation / Problem solving Client focused Transversal Skills: (Please select up to 5 skills) Analytical Ability Ability to develop and leverage networks Ability to develop and adapt a process Ability to understand, explain and support change Ability to set up relevant performance indicators Education Level: Bachelor Degree or equivalent Experience Level At least 5 years Other/Specific Qualifications (if required) Business Skills 1. Data Protection 2. Risk knowledge and awareness 3. Risk anticipation 4. Data quality & Security 5. Regulatory 6. Business analytics 7. New Technologies and Digital Law [IT/IP] 8. IT risk and cyber security .

Job Description Summary As part of GEs IT Risk Identity & Access Management team, this individual will contribute to the definition and implementation of the next generation of Identity & Access Management tools and policies across GE. This individual will integrate with new and existing initiatives across GE Digital to drive the IT Risk & Security requirements and policies from design through implementation. Job Description Roles and Responsibilities We are seeking a skilled and motivated Mid-Level Single Sign-On (SSO) Engineer with experience in Ping Identity solutions to join our team. The ideal candidate will have a strong background in identity and access management (IAM) and be proficient in implementing and managing SSO solutions. Education Qualification Bachelors Degree in Computer Science or STEM Majors (Science, Technology, Engineering and Math) with advanced experience. Responsibilities: Develop, engineer, integrate, and implement single sign-on solutions using Ping Identity products (PingFederate, PingID, PingAccess). Design and maintain SSO configurations and policies to ensure secure and seamless access to applications. Collaborate with cross-functional teams to gather requirements and deliver SSO solutions that meet business needs. Troubleshoot and resolve issues related to SSO and IAM systems. Monitor and optimize the performance of SSO solutions. Stay updated with the latest trends and technologies in IAM and SSO. Requirements: Bachelors degree in Computer Science, Information Technology, or a related field. 3-5 years of experience in IAM and SSO technologies, with a focus on Ping Identity solutions. Proficiency in authentication protocols such as SAML, OAuth, and OpenID Connect. Experience with Active Directory Federation Services (ADFS) and other federation services. Strong problem-solving skills and the ability to work independently and as part of a team. Excellent communication skills and the ability to explain technical concepts to non-technical stakeholders. Preferred Qualifications: Experience with multi-factor authentication (MFA) solutions. Knowledge of cloud-based IAM solutions. Certification in Ping Identity products. Inclusion and Diversity GE HealthCare is an Equal Opportunity Employer where inclusion Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership - always with unyielding integrity. Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you d expect from an organization with global strength and scale, and you ll be surrounded by career opportunities in a culture that fosters care, collaboration and support. Relocation Assistance Provided: No

Cyber Security Auditor Location: Mumbai Leading Bank Work From office mail at manjeet.kaur@mounttalent.com whatsap at 8384077438 Roles and Responsibilities 4 years of experience (upto 12 yrs.) in the field of information security operations, Information System Audits encompassing experience into any of the Banking Technologies Domains Application Security, Database management and administration, / Network security and SOC / Payment systems in addition to IT General controls (ITGC). Exposure to the Banking / Finance / Payment industry domains would be preferrable. Hands-on experience in the following areas: Writing Information security policies, procedures, and processes Conducting risk assessment covering Cyber Security domains as noted below: Application Security: Mobile application assessment, OWASP security practices for applications, VA/PT/AppSec, source-code review, black/grey/white box testing, application SDLC, Strong knowledge of programming languages for applications. Database Security: Database administration and management - Oracle, MS SQL etc., Database Activity Monitoring tools, data security and localization. Payments Systems Security: Understand payment systems and architecture such as SWIFT, UPI, IMPS, ATM, Internet Banking, Mobile Banking, Core Banking System, payment gateway, ATM switch and terminal. Experience in PCI DSS implementation/assessment and ATM end-point security and Cards data security and operations. Networks Security: Managing firewalls, routers, proxy, WAF, email filtering, DLP, DDoS protection, data encryption, IPS/IDS, Incident response and investigate security breaches, VA-PT for networks. Security Operations Centre- Implementation and review. IT General Controls: Familiarity with Technical Security controls of Identity & Access Management, Network, Server, Application, Change management, Backup and Restoration etc. and process controls reviews. Understand BCP and DR processes and architecture. Experience in conducting reviews based on ISO standards and regulatory guidelines in banking sector for a medium to large sized organization would be preferred. Experience in conducting Information System Audits Must have experience in preparing quality deliverables such as audit reports, presentations etc. Excellent written, oral communication and presentation skills Excellent organizational and interpersonal skills Ability to work independently or as part of a team Information technology / Banking and Financial services / Auditing / Cyber Security consulting Candidate will have to travel extensively within Mumbai and across the country for performing audits, as per RBI requirements. Conducting audit of Information security policies, procedures, and processes to identify process/design gaps. Conduct audits of information security systems and infrastructure to verify systems are secure and support the related applications/business processes. Conducts audits in different banking technology domains such as Active Directory, WAF, Network access security, End-point security, Application VA/PT/AppSec, SDLC, Database management and security, PCI-DSS, ATM controls, Cards (Debit/Credit) security, Payment-gateway, Cloud and API Security and IT General Controls etc. Additional weightage will be given to candidates with experience in domains such as Cloud Security, API security. Developing project plans, work programs, evaluating system controls, identify risks and audit gaps, documenting results in proper audit report format, making recommendations, and communicating information to stakeholders. Support in maintaining audit checklist and documents, trend analysis, preparing presentations etc. Should be a self-learner and must keep updated with the latest security guidelines issued by regulators, international standards for information security, threats and vulnerabilities researched/discovered. Research public domain to keep up to date knowledge on latest banking applications / technologies and emerging technologies Cloud, Virtualisation, AI-ML, IOT etc. and ensure continuous learning in identified security competencies and new/emerging technologies. Experience into people management / team management will be preferred.

Job Title: IT Security & Audit Compliance Analyst Location: Mumbai, Thane Experience Required: 1 to 3 Years Employment Type: Full-Time Job Description: We are seeking a highly motivated and detail-oriented IT Security & Audit Compliance Analyst to support end-to-end audit, compliance, and security operations across enterprise systems. The ideal candidate will be responsible for managing audit logs, ensuring policy compliance, generating reports, and supporting internal and external audit requirements. Key Responsibilities: Active Directory Audit Logs Management Manage and analyze audit logs for incident troubleshooting Ensure all log-on, log-off, and failed login attempts are captured #ActiveDirectory #AuditLogs #SecurityMonitoring Audit Journal & Security Compliance Reporting Generate, review, and submit audit reports as per schedule Identify and resolve discrepancies and respond to audit queries Ensure timely support for all audit activities (minimum 16 audits per year) #SecurityCompliance #AuditReporting #IncidentManagement User ID Management & Policy Compliance Maintain audit records for user ID approvals, revalidations Manage exceptions for shared IDs and non-expiring passwords #UserIDManagement #AccessControl #PolicyCompliance System Log Management & Retention Enable and manage logging on servers, network, and storage devices Ensure log retention for a minimum of 90 days within client infrastructure #LogRetention #SystemMonitoring #NetworkSecurity Desired Skills: Experience with Active Directory auditing and compliance Strong understanding of IT audit processes and security controls Ability to handle audit queries independently Familiarity with enterprise infrastructure and log management Strong communication and analytical skills #ITSecurity #InfoSec #AuditCompliance #InfrastructureSecurity #ITGovernance Qualifications: Bachelors degree in Computer Science, Information Technology, or a related field 1+ years of relevant experience in IT Security, Audit, or Compliance roles Application Process: Interested candidates are requested to share their updated resume along with the following details: Total Experience: Relevant Experience: Current CTC: Expected CTC: Notice Period: Current Location: Willing to Relocate to Mumbai (Yes/No):

Mega Hiring for IT AUDIT Please send cv on zeenat@contactxndia.com / it@contactxindia.com Call on 9359055605 / 8971092439 Role & responsibilities We are hiring for one of the Big4 for IT Audit Location: Bangalore / Hyderabad Experience : 2 to 10 Years Candidate Should have : T Audit ITGC ITAC SOC1 SOC 2 Candidate should be from well know firm ((Big4 ,Big6 , MNC , Tier1 & 2 Companies ) Responsibilities Roles & responsibilities Mandatory technical & functional skills Experience in evaluating and testing Process level manual, automated controls and General IT Controls.• Experience in evaluating risks across a variety of IT platforms (including ERPs, UNIX/Linux, Windows, Mainframe, iSeries (AS400), SQL, Sybase, Oracle, DB2 and popular Cloud Hosted solutions)• Hands on experience of industry standards and frameworks such as COBIT, COSO, HIPAA etc. preferred. Qualifications Education Qualification : BE/B.Tech, B.Com, BCA, B.Sc, MBA, M.Sc, MCA,M.Tech, CA.•• Work Experience : The candidate must have 2-10years of relevant experience in a similar role, preferably with a Big 4 firm.•Team leading / Performance Management experience for a minimum of 1-2 years. Send cv on zeenat@contactxndia.com Call on 9359055605 Visit our website for more details / positionswww.contactxindia.com Preferred candidate profile

How you'll make an impact: Engaging the third party and driving the ITGC operations across P&A (Platforms and Applications). Review that all the JSOX Controls are executed as per the standards and the required quality is being adhered to by the third party. Defining the key attributes needed to perform the controls effectively. Planning and ensuring that all the audits are completed in a timely manner in Coordination with the Control performers. Liaison between the P&A Application managers and the Control performers. Support Framework transition and optimization. Work out opportunities for efficiency improvements, automated controls, aggregation of controls, etc. Work out concept of internalization of Control Owner. Defining the KPI and come out with adequate measures to reduce the outsourcing costs without reducing the security risks to the applications. Supporting non JSOX audits and defining clear plans with timelines for all identified gaps, working on mitigations. Supporting non JSOX compliance maturity enhancements across P&A. Responsible to ensure compliance with applicable external and internal regulations, procedures, and guidelines. Living Hitachi Energy s core values of safety and integrity, which means taking responsibility for your own actions while caring for your colleagues and the business. Your background: The candidate should have more than 20 years professional experience and more than 15 years in Internal audits The candidate should be a CISA and ISO 27001 Certified The candidate should have extensive experience with compliance service The candidate should have extensive experience in dealing with diverse technological audits The candidate should have experience in dealing with regulatory audits and also have a track record of completing SOX audits testing on time The candidate should have experience in managing large, global and diverse teams include handling third parties The candidate should have worked with senior management, provided and discussed reporting Proficiency in both spoken & written English language is required.

The individual will help in leading building and growing the Technology Risk Team The individual also identifies potential business opportunities and ensures that work is of high quality and is reviewed by the next level reviewer This role also includes working alongside with our global teams to help clients identify and manage their technology risks whilst simultaneously gaining skills to develop a career in a fast growing professional services organization while ensuring exceptional client service quality and delivery. Primary Responsibilities - Manage high quality client service along with engagement risk and project economics including planning and budgeting define deliverable content ensure buy in of proposed solutions from top management levels at the client Plan and execute activities related to the assessing designing and implementation new IT risk and control frameworks sustainable solutions including applying knowledge of governance risk and compliance tools operating processes and people models to address key and evolving risks as necessary Review the work performed by team on test of design operating effectiveness accuracy and completeness of IT General Control IT Application Controls Configurable Non configurable.

Function: Technology Risk - 1 st Line of Defence Industry: Banking & Financial Services (Institutional / Non-Retail) Job Summary: Our Global banking client is seeking a dynamic and technically sound AVP Technology Risk Professional to join, 1st Line of Defence (1LOD) risk function within the Institutional Banking Technology domain. This role requires hands-on experience in IT Risk and Controls, Cybersecurity, and Information Security, with a strong foundation in control testing and monitoring. The ideal candidate will have worked in the banking sector, preferably in a foreign bank, supporting non-retail (institutional) business units and engaging directly with banking and tech regulators across multiple geographies. Please contact Krati Arora or email your cv directly in word format with job reference number: JOB 14995 to Please note that due to the high number of applications only shortlisted candidates will be contacted. If you do not hear from us in the next 5 business days, we regret to inform you that your application for this position was unsuccessful. Apply for this Job Key responsibilities Act as the 1st line owner of technology risk and controls within institutional banking. Conduct control testing and monitoring, ensuring alignment with internal policies and regulatory expectations. Identify, manage, and report non-financial risks; escalate and track risk issues and findings to closure. Collaborate with 2nd line risk and assurance functions to ensure holistic risk coverage. Participating in or lead governance forums and meetings, driving risk discussions with stakeholders. Ensure timely documentation and remediation of audit findings and issues. Maintain compliance with risk governance frameworks, providing evidence of effective control operation. Support teams across 19 geographies, adapting to diverse regulatory and risk environments. Role requirements 8-12 years of experience in IT risk, technology controls, or technology assurance in the BFSI sector. Solid understanding of technology risk frameworks, information security, and cybersecurity principles. Hands-on experience with control design and testing, issue management, and risk assessments. Exposure to working with or managing tech or banking regulatory requirements. Strong stakeholder management and communication skills to engage across levels and functions. Demonstrated ability to think end-to-end in risk processes. Experience working in or with foreign banks and familiarity with global banking regulations Certifications (Preferred but not mandatory): CISA / CISM / CRISC / CISSP / ISO 27001 / or any other relevant industry certifications. Mandatory Requirements: Prior experience in the banking sector (non-negotiable). Understanding of risk and control management in the 1st Line of Defence. Proven capability to manage technology risks in a complex, global banking environment.

Act as the 1st line owner of technology risk and controls within institutional banking. Conduct control testing and monitoring, ensuring alignment with internal policies and regulatory expectations. Identify, manage, and report non-financial risks; escalate and track risk issues and findings to closure. Collaborate with 2nd line risk and assurance functions to ensure holistic risk coverage. Participating in or lead governance forums and meetings, driving risk discussions with stakeholders. Ensure timely documentation and remediation of audit findings and issues. Maintain compliance with risk governance frameworks, providing evidence of effective control operation. Support teams across 19 geographies, adapting to diverse regulatory and risk environments. Role requirements 8-12 years of experience in IT risk, technology controls, or technology assurance in the BFSI sector. Solid understanding of technology risk frameworks, information security, and cybersecurity principles. Hands-on experience with control design and testing, issue management, and risk assessments. Exposure to working with or managing tech or banking regulatory requirements. Strong stakeholder management and communication skills to engage across levels and functions. Demonstrated ability to think end-to-end in risk processes. Experience working in or with foreign banks and familiarity with global banking regulations Certifications (Preferred but not mandatory): CISA / CISM / CRISC / CISSP / ISO 27001 / or any other relevant industry certifications. Mandatory Requirements: Prior experience in the banking sector (non-negotiable). Understanding of risk and control management in the 1st Line of Defence. Proven capability to manage technology risks in a complex, global banking environment.

Summary The Controls Advisory delivers all project and engagement management phases for multiple clients in various industries. Responsibilities include executing business processes, IT control reviews, and activities related to Sarbanes-Oxley 404 and internal audit control projects. Performing work on SOX 404 engagement: conducting tests of control design and operating effectiveness, ensuring high-quality work through complete and accurate testing documentation. Manage a portfolio of engagements by leading a team of Assistant managers, Senior Associates, and Associates/ Analyst Ensure the work delivered is high quality through spot checks, periodic reviews, and quality review/ assurance processes. Ensure established turnaround times and the allotted budget are met. Assist Associate Directors and Directors in developing new methodologies, internal initiatives, marketing collaterals, business proposals, etc. Skills IT General Controls testing (ITGC), including platforms, ERP applications like SAP and databases for i) IT General Controls testing for Internal Audits (IA), ii) Sarbanes-Oxley (SOX) 302, 404 audits, iii) Third party reporting e.g., SOC1, SOC2 etc. iv) Governance, risk, and compliance (GRC) Gaining an understanding of the clients IT applications and infrastructure to determine the effectiveness of the control environment through performing and reviewing process walkthroughs with Experience of Windows, Oracle, SQL, or UNIX environments Knowledge of IT industry practice methodologies (e.g., COSO, COBIT, ITIL) is preferable. Awareness of internal auditing standards issued by IIA, ICAI & ISACA Data analytics support for Internal Audits (IA), Sarbanes-Oxley (SOX) 404 assessments and other advisory services Microsoft office tools (Word, Excel, Access, Power point etc.) with demonstrated ability to coach young team members on the respective tools. Education / Professional Experience/ Qualifications 3 to 5 years of post-qualification experience in risk advisory/ related internal audit/ IT SOX audit experience preferably in big 4 or related business experience. Certified Information Systems Auditor/ Bachelor of Engineering/ B. Tech/ Master s in business administration with major in Information Technology & Systems Internal Audit, Sox Audit, Testing, Risk Advisory

Summary The Controls Advisory delivers all project and engagement management phases for multiple clients in various industries. Responsibilities include executing business processes, IT control reviews, and activities related to Sarbanes-Oxley 404 and internal audit control projects. Manage a portfolio of engagements, by leading a team of Assistant Manages, Senior Associates and Associates/ Analyst Ensure the work delivered is of high quality through spot checks, periodic reviews, quality review/ assurance process. Proactively engage with stakeholders to identify, develop and implement new work areas and enable growth of existing client work. Anticipate and identify engagement related risks and escalate/manage issues as appropriate on a timely basis. Assist Associate Directors and Directors in developing new methodologies, internal initiatives, marketing collaterals, and business proposals etc. Actively manage engagement budgets and ensure all stakeholders are updated timely. Skills Candidates should have proficient knowledge (both in leading and execution) in the areas of: 1. IT General Controls testing (ITGC) 2. IT General Controls testing for Internal Audits (IA) 3. Sarbanes-Oxley (SOX) 302, 404 audits 4. Third party reporting e.g., SOC1, SOC2 etc. 5. Strong experience, including performing risk assessments and audits, performing walkthroughs, creating flowcharts, and designing controls. 6. Microsoft office tools (Word, Excel, Access, Power point etc.) with demonstrated ability to coach young team members on the respective tools. Education / Professional Experience/ Qualifications 8 to 12 years of post-qualification experience in risk advisory/ related internal audit/ IT SOX audit experience preferably in big 4 or related business experience. Certified Information Systems Auditor/ Bachelor of Engineering/ B. Tech/ Master s in business administration with major in Information Technology & Systems/ Master s in computer applications. Internal Audit, Sox Audit, Team Handeling, Testing, Risk Advisory

About the Role: Grade Level (for internal use): 11 The Team Digital Solutions (DS) is an enterprise-shared technology service enabling people, functions, and divisions. We drive S&P Global to Power the Markets of the Future by working as trusted partners delivering secure, scalable, resilient, and innovative services and solutions that enable seamless experiences for our people and customers. The Impact This role reports to the Head of Technology Risk and Governance, in the Global Digital Technology Organization. The Head of Technology Risk and Governance drives the Digital Solutions technology risk and governance strategy, partnering with the second line of defense in Information Security, Digital Technology Services, and Corporate Platforms, as well as with Enterprise Risk and Compliance, and Audit. Responsibilities and Impact Lead efforts to build APIs between various governance tools to streamline data integration. Lead efforts to develop APIs for automated risk reporting to enhance data accuracy and timeliness. Drive automation in controls, including testing and monitoring, to improve efficiency and effectiveness. Coordinate with key stakeholders to define risk metrics - KRIs/ KPIs/ KCIs Coordinate with key stakeholders to define thresholds for key risk metrics Design and implement a Digital Solutions scorecard to track key performance metrics. Lead efforts to create and maintain a comprehensive controls/risks dashboard for real-time insights and decision-making Prepare presentations for Management reporting What Were Looking For Basic Required Qualifications Bachelor's Degree in a relevant field such as Engineering, Business, or Information Technology. 5+ years of experience in technology risk management and internal controls implementation, including both building and operating a function Proven ability to convey complex risk topics to varied audiences, including executive leadership and technical teams. Successful track record in a global environment, with strong relationship-building and communication skills. Exceptional analytical skills and problem-solving abilities, with experience in high-pressure environments. Additional Preferred Qualifications Experience in a large global organization leading the technology risk function. Master of Business Administration or equivalent advanced degree preferred, but not required . Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world.Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Health & WellnessHealth care coverage designed for the mind and body. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. ----------------------------------------------------------- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----------------------------------------------------------- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), RSKMGT202.2 - Middle Professional Tier II (EEO Job Group)

About the Role: Grade Level (for internal use): 09 The Role This position is an individual contributor within the Internal Audit team responsible for performing audit engagements including U.S. Sarbanes-Oxley (SOX) Compliance testing. This position will contribute significantly to SOX testing efforts and evaluating compliance with corporate policies, assessing risks over the IT operating environment and identifying operational efficiencies. The Impact The IT SOX Specialist will work closely with your direct manager and the process owners to gain an understanding of key processes, key controls, identify control gaps by strengthening and monitoring the internal control environment to provide assurance in the accuracy of reported financial information for a leading data provider worldwide. Whats in it for you You will interact with key process owners and colleagues across the Company. You will also be responsible for completing the audits and projects as outlined in the Internal Audit Plan and play a critical role in assessing the effectiveness of the control environment and providing value added recommendations across the organization. You will gain a robust understanding of the operations of all divisions and functions within the company. Ability to collaborate with a global team of seasoned financial services/audit professionals and access to the latest technological and data analytic tools Competitive compensation package with excellent benefits, including generous paid time off, tuition reimbursement, parental leave and more Advancement opportunities in a global company with presence in 30+ geographies The Team / The Business We have teams made up of people that work effectively together, while working with the larger group of auditors. Opportunities are presented every day to work with people from a wide variety of backgrounds and to develop a close team dynamic with coworkers from around the globe. The Internal Audit function is a global team with presence in all regions (Americas, EMEA and Asia Pacific). The function is independent and reports functioning to the Audit Committee. Responsibilities Lead and perform IT audits focused on compliance with Sarbanes-Oxley (SOX) regulations, ensuring that IT general controls and IT automated controls are effectively designed and operating. Develop, document, and execute test plans for IT controls, ensuring that they meet SOX requirements and are functioning as intended. Utilize GenAI, data analytics and automation tools to enhance audit processes, identify trends, and uncover anomalies in IT systems. Evaluate the SDLC processes to ensure proper controls are in place during system development, implementation, and maintenance. Stay updated on emerging IT risks and controls, including cloud computing, cybersecurity threats, and data privacy regulations. Participate in projects across the internal audit department, including risk-based audits and project assurance initiatives, to enhance overall audit effectiveness and efficiency. What Were Looking For You will be an effective communicator, in both verbal and written form, and an analytical thinker who employs logic and persuasion to influence with diplomacy and tact. You will be a proactive, innovative, collegial team player who can be accountable and absorb/integrate ideas from diverse views, create partnerships and collaborate with others. You will be nimble in learning and support the implementation of agile techniques. You will be responsible for balancing stakeholders and building/fostering relationships with stakeholders. You have a strong interest to learn, embrace agile auditing techniques, adoption of data analytics and emerging tools to strengthen quality of audit execution and SOX controls testing. Basic Qualifications: The ideal candidate must be an experienced audit professional with skills in IT SOX, internal audit, or related roles in control function organizations. Experience/exposure with different data analytics tools (such as Tableau, Alteryx, Power BI, etc.). Agility to support different Internal Audit capabilities such as business/data/IT auditing and SOX compliance. Minimum 3-5 years of relevant experience of IT controls-based testing through planning audits, conducting audit procedures, and preparing audit reports. Understanding and operational application of Sarbanes-Oxley Section 404 Public Accounting experience. Knowledge of or experience with providing audit support during integrated financial and operational audits. Knowledge or experience with information security controls. Experience with electronic work papers and standard productivity tools Bachelor's or Master's degree in Computer Science, Engineering, Information Technology, or a related field. Willing to travel (domestic and international), limited to 10 - 15% Professional certifications preferred but not required (CISA, CIA, CPA, etc.). #L1-RS2 Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world.Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Health & WellnessHealth care coverage designed for the mind and body. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. ----------------------------------------------------------- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----------------------------------------------------------- 203 - Entry Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), FINANC202.1 - Middle Professional Tier I (EEO Job Group)

About the Role: Grade Level (for internal use): 12 The Team Digital Solutions (DS) is an enterprise-shared technology service enabling people, functions, and divisions. We drive S&P Global to Power the Markets of the Future by working as trusted partners delivering secure, scalable, resilient, and innovative services and solutions that enable seamless experiences for our people and customers. The Impact This role reports to the Head of Technology Risk and Governance, in the Global Digital Technology Organization. The Head of Technology Risk and Governance drives the Digital Solutions technology risk and governance strategy, partnering with the first line of defense in Information Security, Digital Technology Services, and Corporate Platforms, as well as with Enterprise Risk and Compliance, and Audit. Responsibilities This role belongs to First Line of Defense. Lead efforts to build APIs between various governance tools to streamline data integration. Lead efforts to d evelop APIs for automated risk reporting to enhance data accuracy and timeliness. Drive automation in controls, including testing and monitoring, to improve efficiency and effectiveness. Design and implement a Digital Solutions scorecard to track key performance metrics. Lead efforts to c reate and maintain a comprehensive controls/risks dashboard for real-time insights and decision-making Prepare presentations for Management reporting. What Were Looking For Basic Required Qualifications Bachelor's Degree in a relevant field such as Engineering, Business, or Information Technology. 10+ years of experience in technology risk management and internal controls implementation, including both building and operating a function. Proven ability to convey complex risk topics to varied audiences, including executive leadership and technical teams. Successful track record in a global environment, with strong relationship-building and communication skills. Exceptional analytical skills and problem-solving abilities, with experience in high-pressure environments. Additional Preferred Qualifications 12+ years of experience in a large global organization leading the technology risk function. Master of Business Administration or equivalent advanced degree preferred but not required . Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world.Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Health & WellnessHealth care coverage designed for the mind and body. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. ----------------------------------------------------------- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----------------------------------------------------------- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), RSKMGT202.2 - Middle Professional Tier II (EEO Job Group)

About the Role: Grade Level (for internal use): 11 The Team Digital Solutions (DS) is an enterprise-shared technology service enabling people, functions, and divisions. We drive S&P Global to Power the Markets of the Future by working as trusted partners delivering secure, scalable, resilient, and innovative services and solutions that enable seamless experiences for our people and customers. The Impact This role reports to the Head of Technology Risk and Governance, in the Global Digital Technology Organization. The Head of Technology Risk and Governance drives the Digital Solutions technology risk and governance strategy, partnering with the second line of defense in Information Security, Digital Technology Services, and Corporate Platforms, as well as with Enterprise Risk and Compliance, and Audit. Responsibilities and Impact Lead efforts in defining and documenting a comprehensive Issue Management Process document/ methodology Lead efforts to centralize control gaps/ issues in GRC tool Lead efforts in logging, tracking, monitoring and remediation of control gaps/ issues Coordinate with key stakeholders to ensure the issues are clearly articulated, mapped to appropriate risk category, mitigating controls are identified through proper risk assessment Lead efforts in periodic reporting of issues to senior Management Conduct data analysis to demonstrate trends of progress made in issue remediation by various technology processes Conduct meetings to discuss issues and risk remediation plan Lead efforts in risk exception and risk acceptance process Monitor risk acceptance scenarios and bring it to appropriate committees for reporting Prepare PowerPoint presentations to provide comprehensive and holistic issue management process What Were Looking For Basic Required Qualifications Bachelor's Degree in a relevant field such as Engineering, Business, or Information Technology. 5+ years of experience in technology risk management and internal controls implementation, including both building and operating a function. Proven ability to convey complex risk topics to varied audiences, including executive leadership and technical teams. Successful track record in a global environment, with strong relationship-building and communication skills. Exceptional analytical skills and problem-solving abilities, with experience in high-pressure environments. Additional Preferred Qualifications 5+ years of experience in a large global organization leading the technology risk function. Master of Business Administration or equivalent advanced degree preferred but not required . Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world.Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Health & WellnessHealth care coverage designed for the mind and body. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. ----------------------------------------------------------- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----------------------------------------------------------- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), RSKMGT202.2 - Middle Professional Tier II (EEO Job Group)

Roles and Responsibilities: Take end-to-end ownership over advisory and validation of residual risk issues Lead and execute formal risk reviews and assessments Review and challenge risk exception requests Collaborate with internal stakeholders to ensure remediation dependencies are captured and managed Identify and act upon opportunities to improve Risk Governance processes Participate in global and regional governance committees Act as a role model for Risk Excellence Interface Regulator Exams (RBI/IFTAS/SEBI/NPCI) Identify/Assess/Manage Risks against LRR and internal policies, and Track them to closure through Issue Management Experience Required: Bachelor's degree in Information Technology, Risk Management, Audit, or related field Experience in Technology Risk & Control, Risk Assurance, IT Security or Technology Operations Ability to break complex problems down into manageable action plans Ability to effectively balance multiple tasks through careful prioritization Ability to work independently while sharing expertise with others Strong communication and stakeholders management skills Preferred Qualifications: A minimum of 5 years of experience in IT Risk, IT Audit, IT Security, Project Management or Technology Operations. Consulting experience is a plus. Evolving expertise in several of the following areas: financial services, information technology, information security, systems development, change / release management, access security and physical access controls and procedures Proven experience in risk assessment and measurement Proven experience in IT security remediation, implementation of technical safeguards and validation of automated controls Risk / Security Certification (CRISC, CISA, CISM, CISSP) Practical knowledge of risk analysis methodologies, frameworks, standards, and best practices (NIST, COBIT)

Greetings of the day ! Our reputed MNC Client is hiring for Senior Manager- IT Compliance & Privacy Specialist Shift: 11:30 AM - 8:30 PM Working Mode: Hybrid (3 days WFO) Notice Period: 0-30 days (Plz don't apply if your notice period is more than 30 days) Key Responsibilities: Be an active member of the IT Risk & Compliance (ITRC) Organization. Support designing and developing the ITRC program and processes to support business requirements Provide targeted training on ITRC areas, including but not limited to IT Privacy, SOX Control framework Engage is other areas within IT Privacy - Represent IT in the internal privacy management team. Familiar with privacy regulations, policies, standards, and processes. Consult on privacy matters within the IT organization. Perform regular Privacy Assessments on new or existing processes. Communicate and follow up with project leaders to ensure privacy requirements are built into project plans. Identify areas of improvement in local practices related to managing data privacy. Champion or lead projects for global privacy compliance. Interface with IT teams (Architecture, Applications, Data, Controls, Security) on privacy requirements. Work with privacy leaders across the organization to align on global and regional privacy requirements. Develop and implement solutions to ensure privacy standards are correctly implemented. SOX Compliance: Expertise in the Sarbanes Oxley (SOX) framework including policy, standards, and processes. Consult on SOX matters within the IT organization and Controllership. Communicate and follow up with project leaders to ensure SOX controls are built into project plans and system designs. Facilitate the control narratives creation process. Work with remediation owners to ensure remediation plans are designed to manage risk and meet audit requirements. Identify areas of improvement and automation in managing SOX compliance. Manage AuditBoard, the software plate used to support IT compliance activities. Qualifications: 4-8 years in IT, Expertise in IT Compliance, Privacy, and/or SOX regulations CISA, IAPP or similar certification a plus Subject matter expertise in privacy including a basic understanding of legal requirements and generally accepted privacy principles Ability to bridge the gap between technology and business process & act as a facilitator/translator across diverse groups Strong interpersonal and project management skills. Networking skills and ability to work with multiple teams. SharePoint and MS Teams expertise. Audit Board experience is an advantage. Warm Regards, Gayatri Kumari Email Id: gayatri@v3staffing.in V3 Staffing Solutions

The role of Auditor involves: • Conducting audits of Information Systems / Information Security covering process reviews, application control and functionality reviews, BCP and DR testing, and adherence to Regulations with respect to Information Systems / Infosec • Execution of planned audits by adhering to given schedules and ensuring adherence to audit / ISO processes & ICAI standards. Review of Compliances to Audit reports submitted by Auditee units. Ensuring follow up for closure of reports and files within prescribed timelines. Skills Conducting internal audits within stipulated time and submission of audit reports based on risk based audit norms. • Ensuring quality of audit report (depth & coverage) by focusing on root cause analysis and providing qualitative suggestions/recommendations for improvement of processes & mitigation of risk • Effective use of off-site audit reports (with special focus on data mining & analysis) for bringing out risks in the audit reports. • Conducting planned and unplanned audits and provide qualitative suggestions/recommendations for improvement of processes • Updating skill sets and knowledge through continuous readings, attending trainings • Ensuring timely follow up on closure of audit findings; checking the closure in line with the risk and recommendation; processing the closure of audit issues / reports as per the policy • Timely submission of information relating to audits conducted to internal and external stakeholders. Qualifications, technical skills and experience Base qualifications: • Graduates/CAs/MBA (Finance) with relevant certification such as CISA / CISM / CISSP / CIA 2-5 Years of Experience (Audit/ Banking / NBFC Domain preferred) • Experience in Information Systems / Infosec audits in the financial services (Banking, NBFC) industry Technical skill set for Information systems auditor. The auditor should have: • Solid base of computer skills in hardware and software • Knowledge of various operating systems • Knowledge of Databases • Hands on experience on Network Architecture • Knowledge of other IT infrastructure • Application controls and Interfaces • Knowledge on Computer Assisted Audit Techniques (CAATs) • Knowledge on Information security governance • Knowledge on Business Continuity and Disaster Recovery framework Role Proficiencies: • Demonstrate good understanding of IS/Infosec function audits • Knowledge of Business Applications used in Banking / NBFC industry • Understanding of statutory and regulatory requirements and policies • Working on the preparation of the Audit Calendar for the year basis the residual risk assessment and methodology defined in audit policy of the organisation. • Conducting specific audits basis plan or trigger based requirements. • Drafting of detailed audit reports with assessment details, preparation of supporting workpapers, clearly documenting the observations noted with implications and recommending corrective actions to auditee • Coordinating and supporting the companys Compliance team during RBI Audits and other external audits. • Good communication (both verbal & written) and inter-personal skills • Ability to work independently or as a part of team and contribute towards team goals • Planning the audit, developing clear and concise risk/control matrices and audit programs, and reporting • Demonstrate professionalism, competence and clarity of communication when dealing with the IT stakeholders • Demonstrate reasonable knowledge of the industry or sector and be aware of technical issues or audit risk

Location: Thane What does a successful Internal Audit- IT professional do at FISERV? Efficiently conduct the audit projects as per The Institute of Internal Auditors standards and in accordance with Fiserv global Internal Audit framework and methodologies. What will you do: Should be able to direct/execute audit project independently (covering planning, fieldwork and reporting stages of audits) Lead a variety of moderately complex to complex IT focused audits including IT governance, service and project delivery, audits of IT technical domains such as networks, infrastructure, and applications. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Planning, conducting walkthroughs, drafting process understanding and relevant controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Documenting and Reviewing Test of Designs and Test of Effectiveness controls. Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., Validations of audit issues. Conducting special reviews. What will you need to know: Desired qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree] Experience: at least 6 to 8 years of IT Audit experience in assessing technology/IT controls and have experience in Internal Audit, Compliance & Risk Advisory services preferably in Banking and Financial services domain. Experience in auditing IT Internal controls, IT risk mitigation and technology related processes reviews. Good experience in IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, drafting skills, communication, and interpersonal skills. Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.) What would be great to have: Desired certifications: CISA / CISSP / CISM / CCNA certified professionals

Function: Technology Risk 1st Line of Defence Industry: Banking & Financial Services (Institutional / Non-Retail) Job Summary: Our Global banking client is seeking a dynamic and technically sound AVP - Technology Risk Professional to join, 1st Line of Defence (1LOD) risk function within the Institutional Banking Technology domain. This role requires hands-on experience in IT Risk and Controls, Cybersecurity, and Information Security, with a strong foundation in control testing and monitoring. The ideal candidate will have worked in the banking sector, preferably in a foreign bank, supporting non-retail (institutional) business units and engaging directly with banking and tech regulators across multiple geographies. Some of the key responsibilities will include: Act as the 1st line owner of technology risk and controls within institutional banking. Conduct control testing and monitoring, ensuring alignment with internal policies and regulatory expectations. Identify, manage, and report non-financial risks; escalate and track risk issues and findings to closure. Collaborate with 2nd line risk and assurance functions to ensure holistic risk coverage. Participating in or lead governance forums and meetings, driving risk discussions with stakeholders. Ensure timely documentation and remediation of audit findings and issues. Maintain compliance with risk governance frameworks, providing evidence of effective control operation. Support teams across 19 geographies, adapting to diverse regulatory and risk environments. To be eligible for this role you will require: 8-12 years of experience in IT risk, technology controls, or technology assurance in the BFSI sector. Solid understanding of technology risk frameworks, information security, and cybersecurity principles. Hands-on experience with control design and testing, issue management, and risk assessments. Exposure to working with or managing tech or banking regulatory requirements. Strong stakeholder management and communication skills to engage across levels and functions. Demonstrated ability to think end-to-end in risk processes. Experience working in or with foreign banks and familiarity with global banking regulations. Certifications (Preferred but not mandatory): CISA / CISM / CRISC / CISSP / ISO 27001 / or any other relevant industry certifications. Mandatory Requirements: Prior experience in the banking sector (non-negotiable). Understanding of risk and control management in the 1st Line of Defence. Proven capability to manage technology risks in a complex, global banking environment.

Hi, We are having an opening for Lead Audit & Compliance Specialist -IT at our Mumbai location. Job Summary : The Lead Audit & Compliance Specialist plays a strategic and hands-on role in managing IT audits, compliance requirements, and risk mitigation initiatives across Sun Pharma's global IT landscape. This role is responsible for planning, coordinating, and executing internal and external IT audits, ensuring adherence to global compliance standards including SOX, GxP, and other regulatory frameworks. The incumbent will work across functions and geographies to embed a culture of compliance, maintain audit readiness, and strengthen IT governance. Key Responsibilities: Audit Lifecycle Management Lead and coordinate global IT audits, including preparation, evidence gathering, walkthroughs, and response submission. Manage the end-to-end lifecycle of audit findings, including tracking, remediation, and closure validation. Compliance & Regulatory Adherence Ensure IT compliance with GxP, SOX, ISO, and other applicable frameworks across infrastructure and service domains. Collaborate with internal stakeholders to implement global policies and ensure readiness for inspections. Documentation & Governance Maintain comprehensive documentation for IT controls, SOPs, risk registers, and mitigation actions. Establish audit dashboards and maintain compliance scorecards by geography and function. Internal Awareness & Training Drive audit and compliance awareness across IT teams through workshops, readiness drills, and role-based training. Continuous Improvement Identify compliance gaps and propose process enhancements or automation opportunities to reduce risk exposure. Specialized Knowledge Requirements Strong understanding of global regulatory standards including SOX, GxP, and ISO 27001 Experience with IT general controls (ITGC), audit frameworks, and risk management tools (e.g., Archer, ServiceNow GRC) Familiarity with ITSM/ITIL processes and audit mapping across Change, Incident, Problem, and Asset Management Exposure to Pharma or highly regulated industries is preferred Internal Stakeholders and Nature of Interaction CIO / Head of IT Service Assurance: Strategic guidance, audit governance, and risk updates Service Assurance, Infra, Cloud, and Application Leads: Evidence coordination, control implementation, RCA collaboration ITBPs, PMO, and HR Compliance: Policy alignment, audit readiness training, and data consistency External Stakeholders and Nature of Interaction Internal & External Auditors: Direct interaction during audit planning, walkthroughs, and evidence presentation Regulatory Inspectors: Respond to inspection findings and ensure documentation and controls are validated Consultants / Third-party Advisors: Best practices adoption, controls benchmarking, and co-sourcing guidance External Interaction % Approximately 3040% of role involves active engagement with auditors, regulatory bodies, and external advisors Nature of Communication Highly structured communication involving formal documentation, audit reports, control narratives, and risk dashboards Strategic presentation of findings to senior leadership and external stakeholders Tactical and operational interactions across teams to ensure data accuracy and audit response readiness Role Played in Negotiations Key influencer in discussions around audit scoping, remediation timelines, and closure sign-off Collaborates with Legal and Compliance teams on the language and commitments in control response narratives Key Decision-Making Expected Assessment of audit risk severity and prioritization of remediation actions Selection and implementation of compliance tools or frameworks for specific geographies or domains Recommendation of policy updates based on new or evolving regulatory standards Key Challenges for the Role Managing diverse compliance obligations across multiple jurisdictions Ensuring consistent and timely audit responses across distributed IT teams Driving cultural shift toward proactive compliance ownership Addressing historical non-compliance in legacy systems Extent and Nature of Innovation Required for the Role High degree of innovation required in designing automation for compliance workflows, dashboards, and evidence management Leveraging analytics to detect non-compliance trends and trigger preventive controls Enhancing audit readiness using AI-enabled documentation checks and control testing tools Job Requirements Educational Qualification: Master's in Information Technology, Risk Management, or related field Certifications: CISA, CRISC, or equivalent certifications are preferred ITIL and GRC platform certification (ServiceNow, Archer, etc.) Skills: Risk-based audit planning and control design Cross-functional collaboration and stakeholder management Tools-based audit management and compliance analytics Experience : 12-15+ years of experience in IT audit, risk, and compliance roles. Exposure to global audit environments and regulated industries (pharma/healthcare preferred)

The Second line of Defense Controls Testing partner for the Cyber and Technology Risk Management (CTRM) division will be a team leader who will work closely with peers, stakeholders, and their manager on Second Line s Controls Testing program focused, on Cyber and Technology Controls Testing/Validations as well as Cyber and Technology related assessments. Responsibilities will include: Lead 2LOD Cyber and Technology Risk Management team in India focused on controls testing/validation, assessments, and overall support to Cyber and Technology Risk Management initiatives Manage testing/validation requirements for controls testing team, monitor progress, and ensure timeliness and quality of team s work Test, Validate, and Assert to Business and Application Owner control testing methodology and test procedures Perform 2LOD validation work, including plan preparation, workpapers, finding, and report results to risk committees Manage day-to-day risk issues, design, and implementation of new controls with various teams Examine cyber risk controls, evaluate the design and operational effectiveness, determine exposure to risk, and work with business to develop remediation strategies Assess risk as a Second-Line governance role through the Risk and Control testing; Risk Identification; and Change Initiative Risk Assessment processes, as applicable Provide Second-Line risks and control testing findings to Risk Management leadership and risk committees Understanding of the Three Lines of Defense governance model Ability to assess and effectively communicate the operational, and technical findings and control issues to executive and business leadership, using language that is relevant to and understandable by the business Strong risk assessment framework knowledge and experience performing risk assessments covering key risks and controls Strong project management skills, including the ability to adapt to change quickly, multi-task and demonstrate flexibility in prioritization based on requested tasks Strong working knowledge of banking/financial regulatory requirements to perform and ensure an appropriate level of testing Qualifications - External 10-12 years of IT Audit experience to include but not limited to: Cyber Resilience, Cybersecurity, Risk Management, IT Risk and Control, and/or IT Audit 3+ years leading controls testing and/or audit teams CISSP, CISM, CISA, CRISC, or equivalent certifications highly preferred Familiarity with the NIST Cybersecurity Framework Strong working knowledge of the inherent cyber risks in the financial services industry Cloud, MFA, Password vaulting (e.g. CyberArk), and Secure SDLC experience Analytical and communication skills required to summarize and analyze information Organizational skills required to coordinate risk related activities with peers and senior executives Advanced Microsoft Office 365 skills

Location: Bangalore or Hyderabad Digital Risk Advisor Join a team of digital risk governance and controls professionals helping Swiss Re to fulfil its mission in making the world more resilient. As a Senior Digital Risk Advisor, you will be responsible for the first-line digital technology operations risk and control activities - ensuring risks are identified, controls applied, and performance is monitored, measured, and reported to our technology and business leaders. About the team The Digital Risk Governance Controls team is a key part of Swiss Res Security Team, focused on defining and managing risks related to digital topics. Were looking for an experienced and highly motivated expert who will help to drive the companys risk culture. In your role, you will Be part of a team of digital risk experts supporting Applications and Business stakeholders with applying digital risk governance principles and standards Actively contribute to the implementation of the digital risk framework as the trusted digital risk partner Ensure IT threats and risks are understood, issues handled timely, and IT controls designed and operating effectively Embed controls into operational procedures by collaborating with our digital technology teams to automate, measure performance, and continuously improve our risk position Build operational transparency with continuous monitoring and assessment of controls so that we meet our risk appetite and drive corrective actions where needed Be someone who believes in continuous innovation, is curious and adamant in finding a better way every day Your qualifications Nobody is perfect and meets 100% of our requirements. If you, however, meet some of the criteria below and are curious about the world of risk and control activities, well be more than happy to meet you! First experience s in IT risk and control-related roles, such as IT Governance, IT audit, or digital risk management CISA, CGEIT, CRISC or similar qualifications are an advantage Good teamwork and strong collaboration as well as a willingness to share knowledge and evolve within the team and across teams Capability to continuously build and maintain a strong collaborative network within the IT domains Be curious, proactive, result-oriented and confident in decision-making at speed Passion, drive and a belief in the value of digital risk management as an enabler of business performance Fluency in spoken and written English About Swiss Re . If you are an experienced professional returning to the workforce after a career break, we encourage you to apply for open positions that match your skills and experience. Keywords: Reference Code: 134238