20 Itgc Audit Jobs

Key Responsibilities: 1. IT Control Testing and Evaluation: Plan and execute control testing of ITGCs and automated application controls. Evaluate design and operating effectiveness of controls related to: User access management (IAM) Change management System development lifecycle (SDLC) Backup & recovery IT operations and infrastructure security Document testing procedures, results, and exceptions in line with ERM standards. 2. Risk and Control Self-Assessments (RCSA): Support IT RCSA activities across technology platforms and infrastructure. Identify and assess IT risks, including cybersecurity threats and third-party/vendor risks. Collaborate with IT stakeholders to remediate identified control gaps and improve IT control posture. 3. Regulatory and Framework Compliance: Ensure alignment with regulatory requirements and industry frameworks such as: SOX (Sarbanes-Oxley) FFIEC, OCC, NIST, COBIT, ISO 27001 Monitor compliance with internal IT policies, procedures, and enterprise risk tolerance. 4. Stakeholder Engagement & Collaboration: Work closely with IT, Information Security, Compliance, and Internal Audit teams. Serve as the subject matter expert (SME) on IT control testing and risk identification. Communicate findings, risks, and recommendations clearly to technical and non-technical stakeholders. 5. Reporting and Documentation: Develop testing scripts, risk-control matrices, and evidence documentation. Prepare executive-level reports highlighting key findings, trends, and remediation status. Track control testing progress and report deviations from expected timelines or outcomes. 6. Continuous Improvement: Stay current with technology risk trends, emerging threats, and evolving compliance standards. Recommend enhancements to IT control testing methodologies, tooling, and governance processes. Key Qualifications: Education: Bachelors degree in Information Technology, Computer Science, Cybersecurity, Risk Management, or related fields. Advanced certifications are a plus. Certifications (preferred): CISA (Certified Information Systems Auditor) CRISC (Certified in Risk and Information Systems Control) CISSP, CGEIT, or ITIL certifications Experience: 810 years in IT risk management, internal audit, or control testing within financial services or technology-driven environments. Technical Skills: Strong knowledge of ITGCs, application controls, and system security principles Hands-on experience with GRC platforms (e.g., Archer, MetricStream, ServiceNow GRC) Familiarity with scripting or automation tools for testing/reporting is a plus Proficient in Excel, Power BI, or Tableau for data analysis and reporting Please share your cv at surbhi.malhotra@nlbtech.com

ITGC -Hyderabad They will be the same key roles and responsibilities, but each headcount will have specific focus/expertise as outlined in 1-4 below. This should give high level summary of specific qualification/experience in resources that we look for. Information Security/Cyber Security Infrastructure, cloud platform, network, and service management, software engineering/SLDC Data ITGC and business application controls Key Role & Responsibilities Conduct and document thorough walkthrough of IT controls Design test plans and document test steps to assess the control design and operating effectiveness Create/prepare a document request list and work with control owners/performers to obtain evidence supporting the control execution and validation that the control is working as intended. Complete control testing workpaper and maintain detailed records of testing results, findings, and recommendations. Address workpaper review comments and independent review and challenge from the Second Line of Defense Specific Skillsets & Experiences Experience with IT internal audit or other risk assurance functions Knowledge of industry and compliance frameworks i.e., NIST cybersecurity framework, CIS, ITIL, PCI, FedRAMP Strong understanding of risk management methodologies, and security control testing techniques. Strong verbal and written communication skills, with the ability to lead walkthroughs with control owners/performers, and construct questions and follow-ups. Focus on each headcount: Information Security/Cyber security focus - Technical skills and experiences with particular focus/familiarity on the following control areas or tools, but not limited to: Network security - firewall, NAC, Network Intrusion Prevention/detection, WAF, Web filtering/Web traffic (i.e., FireMon, Cisco ISE, Cloudflare etc.) Cyber data protection/data security - DLP, data discover/classification, email security, cloud data security/CASB, database security and encryption (i.e., Trellix, Proofpoint, Varonis, Purview, Imperva) Servers and endpoint security - Antivirus/Antimalware, Device, protection, Endpoint privilege access (i.e., Crowdstrike, Absolute, Beyond Trust) Cyber defense SIEM, MSSP, and SOC for log forwarding/ingestion/and monitoring, Cyber Threat Intelligence Cloud platform security Application and API security OWASP principles, SAST, SCA, DAST, secret scanning Access and Authentication/Privilege access (i.e., SailPoint, Okta/Auth0, Delinea) Infrastructure, cloud platform, and network, and service management, software engineering/SDLC focus - Technical skills and experiences with particular focus on the following control areas/concepts, but not limited to: Server and Directory service management Build/image, configuration management, certification management, backup and recovery, Active Directory, Patching Workstations, Virtual Desktops, Mobile Devices – Build/Image, MAM, Patching Cloud platform management – AWS/AWS well-architected framework, Azure, IaC/automated build template Platform and application observability Disaster recovery – Data center DR test, High availability, cloud recovery Service management – Hardware/software asset management, software licensing, CMDB, change management, incident and problem management SLDC – DevSecOps concept, Coding services (IaC, service mesh etc.), Code repository, CI/CD, Quality engineering and quality assurance Data focus - Technical skills and experiences with particular focus on the following areas/concepts, but not limited to: Database administration – Database design/structure, access controls, build, configuration, backup, jobs, and other maintenance and security measures (i.e., SQL, PostgreSQL) Data warehouse platform/data development/transformation – Design/architecture, Data modeling, ETL, data obfuscation and masking (i.e., Snowflake, Coalesce) Data transit/exchange connection/data file transfers – Monitoring, Logging, Secure file transfer/protocols, error handling Data governance and quality management – Metadata management, Data lineage, Data quality rules, Data defect management (i.e., Collibra) ITGC and business application controls / SOX focus (e.g., system interface and integration) - Technical skills and experiences with particular focus on the following areas/concepts Testing of SOX ITGC / IT general controls Testing of business applications controls – Automated application interface and integration, system/application Please share your profile at surbhi.malhotra@nlbtech.com

Job Description Title: Audit and Compliance - IT Department: Information Technology Location: Noida Position Overview: The Audit and Compliance Deputy Manager/ Manager will be responsible for planning, executing, and managing audits, risk assessments, and compliance activities related to IT systems and infrastructure. The role requires strong expertise in IT governance, risk management, cybersecurity, and regulatory compliance, with a good understanding of operational dynamics in the renewable power industry. Key Responsibilities: 1. IT Audit and Assurance Develop and execute a comprehensive risk-based IT audit plan annually, aligned with business objectives. Perform internal IT audits across infrastructure, applications, cybersecurity, and business continuity areas. Evaluate the effectiveness of internal controls, data privacy practices, cybersecurity defences, and system reliability. Prepare clear, concise, and actionable audit reports with findings, risks, and recommendations. Plan and execute SAP IT General Controls (ITGC) audits, including areas such as access management, change management, and data integrity. Identify control deficiencies, weaknesses, and risks in SAP modules and related business applications. Perform periodic audits of application controls, including role-based access controls, SOD (Segregation of Duties), and user provisioning in SAP. 2. Compliance Management Ensure compliance with industry regulations and internal IT policies, including: ISO/IEC 27001 (Information Security Management) GDPR (General Data Protection Regulation) NERC CIP (Critical Infrastructure Protection where applicable) FERC, ERCOT, and other energy regulatory bodies (as applicable) Lead IT compliance readiness initiatives for audits like ISO certifications, SOC 2, GDPR, etc. Maintain all required documentation, including compliance matrices, risk registers, and audit trails. 3. Risk Management Identify, assess, and prioritize IT risks, including cybersecurity risks specific to the renewable energy industry (e.g., SCADA systems, OT networks). Develop risk mitigation strategies in collaboration with IT Security and Business Continuity teams. Conduct regular risk assessments and vulnerability evaluations. 4. Policy and Process Development Draft, update, and enforce IT security and compliance policies, ensuring alignment with business goals and regulatory changes. Collaborate with IT teams and business stakeholders to embed compliance into system design, development, and deployment processes. 5. Incident Management and Reporting Support incident response processes from a compliance and governance perspective. Participate in investigations of IT-related breaches or non-compliance cases. Report on incidents and post-incident compliance reviews to leadership. 6. Training and Awareness Conduct IT compliance training sessions and awareness programs for employees across all levels. Promote a culture of information security, compliance, and ethical IT practices. 7. External Engagements Coordinate with external auditors, regulatory agencies, and third-party vendors during audits or compliance reviews. Manage vendor compliance for IT service providers and technology partners. Track changes in regulations and standards, assess their impact, and update processes accordingly. Prepare comprehensive audit reports with clear findings, risks, and actionable recommendations. Qualifications: Bachelor's or Master's degree in Information Technology, Computer Science, Cybersecurity, or a related field. CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent certification preferred. Minimum 7-12 years of experience in IT audit, risk management, and compliance functions. Experience working in or with the renewable energy or power sector is highly desirable. Strong understanding of IT operations, cybersecurity frameworks, and risk management principles. Knowledge of industry-specific compliance requirements (e.g., NERC CIP, FERC, ISO standards applicable to renewable power). Experience in ERP systems, SCADA systems, and IoT/OT security would be an advantage. Strong analytical, reporting, and communication skills. SAP Security or GRC Certification (advantageous) Key Skills and Competencies: Expertise in IT Audit Methodologies and Frameworks (ISACA Standards, COBIT) Strong knowledge of cybersecurity frameworks (NIST, ISO 27001, CIS Controls) Hands-on understanding of IT risk management principles Knowledge of renewable energy sector regulatory compliance (e.g., renewable energy certificates, regulatory reporting obligations) Critical thinking and strong analytical skills Excellent written and verbal communication skills Ability to work independently and collaboratively with cross-functional teams Attention to detail and a proactive mindset toward continuous improvement High level of integrity and ethical standards Preferred Certifications: Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) ISO 27001 Lead Auditor / Lead Implementer NERC CIP Certification (advantageous for power sector experience) Work Environment: Occasional travel to renewable energy project sites, regional offices, and data centres Work in collaboration with IT infrastructure, cybersecurity, energy operations, legal, and corporate compliance teams

JD IT Senior TEAM: This position will support our IT Audit Group. CohnReznick’s specialized SOC practitioners focus on conducting SOC1, SOC2 and SOC3 audits for third-party service providers, while also conducting internal control assessments, attestations, penetration tests, and firewall assessments. ROLE: Responsibilities include but not limited to: Participates in planning and scoping of IT audits for both SOC engagements and ICFR audits. Comfortable leading technology walkthroughs in IT general controls and application control Develops test procedures for execution and prepares relevant documentation Executes testing of IT general controls and application controls based on internal and industry standards and guidelines. Problem solves and steps in to complete work to meet critical deadlines. Conducts root cause analysis, compensating and mitigating controls, and impact analysis. Communicates engagement status to client and engagement team management. You possess knowledge in ITGCs, IT application controls, cybersecurity as well as IT infrastructure including databases, networks and operating systems. Experience working with both applications and infrastructure supporting financial reporting processes. Being comfortable leading interviews with IT personnel to understand and document the design of IT General Controls (ITGCs). Having experience designing and executed testing for ITGCs. Key focus on Access Management (with related experience in Privileged Access Management and Identity and Access Management), and Change Management (with knowledge of Agile and DevOps methodologies) Possess supervisory skills to supervise, guide and coach activities of other department staff with varying skillsets Working independently or on small teams and possess the ability to multi-task to ensure timely completion of work and managing client and manager/partner expectations. Possess effective planning, coordination, time management, and organization skills. Demonstrate flexibility in prioritizing and completing assignments on time and within budget. Demonstrate attention to detail, strong organization skills, and ability to be agile and adaptable. Being comfortable interacting with clients across different levels of seniority. Experience presenting with a good working knowledge of Microsoft Office applications. EXPERIENCE: The successful candidate will have: 2- 4 years of relevant work experience Bachelor's Degree in computer science or accounting information systems; Experience in IT external audit, IT internal audit, and Technology Risk and / or ITGC assessment for compliance with SOX. ERP Oracle, SAP, JDE) and Cloud security (Azure, AWS, Google Cloud security) knowledge a plus. Must be able to travel, if required and work overtime during busy season Certified Information Systems Auditor (CISA) and/or CPA or working towards it

The SOC professional will be responsible for the preparation of third party attestation reports, including Service Organization Control (SOC) 1, SOC 2, and WebTrust for CAs, as well as HITRUST, and ISO, applying most areas of the governing standard as necessary and documenting, validating, testing and assessing various control systems. This position may also be involved in other business process or IS assurance related engagements, including SOX, IT general control testing for private company financial audit engagements, and agreed-upon procedure engagements. Job Duties Control Environment Applies knowledge and understanding of the collective effect of various factors on establishing or enhancing effectiveness, or mitigating the risks, of specific policies and procedures by: Identifying and considering all applicable policies, laws, rules, and regulations of the firm, regulators, or other authoritative bodies as part of engagement team; Communicating with the client to understand key IT and business processes, identifying key risks; Prioritizing key risks, and assesses their impact and likeliness of occurrence; Applying professional skepticism while evaluating the control effectiveness; Documenting business and IT processes and controls and tests key controls for service organizations in a variety of industries; Documenting and validating the operating effectiveness of the clients control; Developing and maintaining relationships with client personnel and management; and Ensuring technology is appropriately integrated into the examination process. GAAS Applies knowledge and understanding of professional standards; application of the principles contained in professional standards; and the ability to document and communicate an understanding and application of professional standards on an engagement by: Developing and applying an intermediate knowledge of auditing theory, a sense of audit skepticism, and the use of BDO audit manuals; Applying auditing theory to various client situations; Documenting working papers and attestation reports in line with BDO policy, identifying deviations and notifying more senior team members in order to obtain appropriate approvals; Applying knowledge to identify instances where testing may be reduced or expanded and notifying more senior team members of the occurrence; and Contributing ideas and opinions to the engagement team. Methodology Applies knowledge and application of BDO standards to guide effective and efficient delivery of quality services and products by: Completing all appropriate documentation of BDO work papers; and Ensuring assigned work is performed in accordance with BDO methodology and requirements. Research Applies methodology used to seek or maintain information from authoritative sources and to draw conclusions regarding a target issue based on the information by: Researching basic and intermediate topics and forming an initial opinion on the treatment independently. Training Attend professional development and training sessions on a regular basis Complete required CPE hours to maintain applicable certifications Other duties as required

Job Description: As a Support- ITGC Audit & SAP PS at Welspun World, your primary responsibility will be to ensure the optimum utilization of equipments and resources in order to meet the agreed Targets. Your role will involve improving Techno Economical parameters, monitoring Operational Efficiency, and fostering Innovation within the organization. Your key duties will include performing ITGC audit activities such as SAP compliance and SOD reviews, reviewing and deactivating inactive SAP user IDs as part of the audit process, resolving L1 tickets, and addressing issues in SAP PS modules. Additionally, you will be responsible for managing and maintaining relevant PS master data, supporting System Integration Testing (SIT) and User Acceptance Testing (UAT), providing training and guidance to end users on SAP PS functionalities, and ensuring compliance with internal control frameworks and policies. In this role, you will collaborate closely with cross-functional teams to implement corrective actions and drive continuous improvements. Your interactions will span across various levels within the organization including Top Management, Mid Management, Junior Management, Employees, Client Relations, Auditors, Vendors, and Third Party stakeholders. The ideal candidate for this position should have at least 1 year of relevant experience and demonstrate proficiency in key competencies such as Business & Commercial acumen, People Excellence, Entrepreneurship, Global Mind-set, SAP/ERP Data Management, Internal Audit, and Analytical Skills. Join Welspun World in leading tomorrow together to create a smarter and more sustainable world.,

Job Description for Candidates: KPMG Resource Centre (KRC) is a team of 3,000+ colleagues serving audit clients of primarily KPMG Europe and a few other countries. KRCs services include end-to-end Audits, IT Audits, Data Analytics, Engagement Support Hub, Transaction Assurance and ESG, among others. The business supports multiple sectors and is currently present in Bengaluru, Gurugram, Noida and Mumbai. Through your work, you’ll build a global network and unlock opportunities that you may not have thought possible with access to great support, vast resources, and an inclusive, supportive environment to help you reach your full potential. Responsibilities for Candidates Roles & responsibilities We are recruiting for Staff in the IT Audit team. Working as an Senior in this team, your responsibilities will include:•Review SOX 404 assessments in accordance with the PCAOB (Public Company Accounting Oversight Board) Auditing Standards – Using work of others•Evaluate the design and operating effectiveness of technology controls (GITCs and ITACs) pertaining to Client’s Internal Controls over Financial Reporting.•Conduct Process understanding discussions with the Clients as part of assessing risks arising from their use of Technology and identify control gaps within their processes.•Perform ISAE3402, SOC 1 and SOC 2 (System and Organization Controls) assessments in accordance with the attestation standards established by the AICPA (American Institute of Certified Public Accountants) and ICAEW.•Identify potential opportunities to drive standardization and efficiency across engagements by the use of automation.•Understanding of the current SSAE guidelines•Experience in evaluating SOC1 reports for User organizations. Mandatory technical & functional skills Experience in testing General IT Controls [GITCs] across the following domains: Access to Programs and Data, Program Development and Changes and Computer Operations.•Experience in testing Automated Controls [ITACs] and configurations.•Experience in testing GITCs across a variety of Operating Systems and Databases desirable This role is for you if you have the below Educational qualifications BE/B-Tech/MCA/BSC-IT/MBA•Certifications – CISA cleared/certified preferred Work experience The candidate must have a minimum of 3-4 years of experience in a similar role [Big 4 experience preferred]•Working knowledge of frameworks including ISA 315, COSO, COBIT, ISO 27001, NIST CSF and NIST SP 800-53 is desirable

control testing job descriptions . They will be the same key roles and responsibilities, but each headcount will have specific focus/expertise as outlined in 1-4 below. This should give high level summary of specific qualification/experience in resources that we look for. Information Security/Cyber Security Infrastructure, cloud platform, network, and service management, software engineering/SLDC Data ITGC and business application controls Key Role & Responsibilities Conduct and document thorough walkthrough of IT controls Design test plans and document test steps to assess the control design and operating effectiveness Create/prepare a document request list and work with control owners/performers to obtain evidence supporting the control execution and validation that the control is working as intended. Complete control testing workpaper and maintain detailed records of testing results, findings, and recommendations. Address workpaper review comments and independent review and challenge from the Second Line of Defense Specific Skillsets & Experiences Experience with IT internal audit or other risk assurance functions Knowledge of industry and compliance frameworks i.e., NIST cybersecurity framework, CIS, ITIL, PCI, FedRAMP Strong understanding of risk management methodologies, and security control testing techniques. Strong verbal and written communication skills, with the ability to lead walkthroughs with control owners/performers, and construct questions and follow-ups. Focus on each headcount: Information Security/Cyber security focus - Technical skills and experiences with particular focus/familiarity on the following control areas or tools, but not limited to: Network security - firewall, NAC, Network Intrusion Prevention/detection, WAF, Web filtering/Web traffic (i.e., FireMon, Cisco ISE, Cloudflare etc.) Cyber data protection/data security - DLP, data discover/classification, email security, cloud data security/CASB, database security and encryption (i.e., Trellix, Proofpoint, Varonis, Purview, Imperva) Servers and endpoint security - Antivirus/Antimalware, Device, protection, Endpoint privilege access (i.e., Crowdstrike, Absolute, Beyond Trust) Cyber defense SIEM, MSSP, and SOC for log forwarding/ingestion/and monitoring, Cyber Threat Intelligence Cloud platform security Application and API security – OWASP principles, SAST, SCA, DAST, secret scanning Access and Authentication/Privilege access (i.e., SailPoint, Okta/Auth0, Delinea) Infrastructure, cloud platform, and network, and service management, software engineering/SDLC focus - Technical skills and experiences with particular focus on the following control areas/concepts, but not limited to: Server and Directory service management – Build/image, configuration management, certification management, backup and recovery, Active Directory, Patching Workstations, Virtual Desktops, Mobile Devices – Build/Image, MAM, Patching Cloud platform management – AWS/AWS well-architected framework, Azure, IaC/automated build template Platform and application observability Disaster recovery – Data center DR test, High availability, cloud recovery Service management – Hardware/software asset management, software licensing, CMDB, change management, incident and problem management SLDC – DevSecOps concept, Coding services (IaC, service mesh etc.), Code repository, CI/CD, Quality engineering and quality assurance Data focus - Technical skills and experiences with particular focus on the following areas/concepts, but not limited to: Database administration – Database design/structure, access controls, build, configuration, backup, jobs, and other maintenance and security measures (i.e., SQL, PostgreSQL) Data warehouse platform/data development/transformation – Design/architecture, Data modeling, ETL, data obfuscation and masking (i.e., Snowflake, Coalesce) Data transit/exchange connection/data file transfers – Monitoring, Logging, Secure file transfer/protocols, error handling Data governance and quality management – Metadata management, Data lineage, Data quality rules, Data defect management (i.e., Collibra) ITGC and business application controls / SOX focus (e.g., system interface and integration) - Technical skills and experiences with particular focus on the following areas/concepts Testing of SOX ITGC / IT general controls Testing of business applications controls – Automated application interface and integration, system/application Please share your profile at surbhi.malhotra@nlbtech.com

Key Responsibilities: 1. IT Control Testing and Evaluation: Plan and execute control testing of ITGCs and automated application controls. Evaluate design and operating effectiveness of controls related to: User access management (IAM) Change management System development lifecycle (SDLC) Backup & recovery IT operations and infrastructure security Document testing procedures, results, and exceptions in line with ERM standards. 2. Risk and Control Self-Assessments (RCSA): Support IT RCSA activities across technology platforms and infrastructure. Identify and assess IT risks, including cybersecurity threats and third-party/vendor risks. Collaborate with IT stakeholders to remediate identified control gaps and improve IT control posture. 3. Regulatory and Framework Compliance: Ensure alignment with regulatory requirements and industry frameworks such as: SOX (Sarbanes-Oxley) FFIEC, OCC, NIST, COBIT, ISO 27001 Monitor compliance with internal IT policies, procedures, and enterprise risk tolerance. 4. Stakeholder Engagement & Collaboration: Work closely with IT, Information Security, Compliance, and Internal Audit teams. Serve as the subject matter expert (SME) on IT control testing and risk identification. Communicate findings, risks, and recommendations clearly to technical and non-technical stakeholders. 5. Reporting and Documentation: Develop testing scripts, risk-control matrices, and evidence documentation. Prepare executive-level reports highlighting key findings, trends, and remediation status. Track control testing progress and report deviations from expected timelines or outcomes. 6. Continuous Improvement: Stay current with technology risk trends, emerging threats, and evolving compliance standards. Recommend enhancements to IT control testing methodologies, tooling, and governance processes. Key Qualifications: Education: Bachelors degree in Information Technology, Computer Science, Cybersecurity, Risk Management, or related fields. Advanced certifications are a plus. Certifications (preferred): CISA (Certified Information Systems Auditor) CRISC (Certified in Risk and Information Systems Control) CISSP, CGEIT, or ITIL certifications Experience: 810 years in IT risk management, internal audit, or control testing within financial services or technology-driven environments. Technical Skills: Strong knowledge of ITGCs, application controls, and system security principles Hands-on experience with GRC platforms (e.g., Archer, MetricStream, ServiceNow GRC) Familiarity with scripting or automation tools for testing/reporting is a plus Proficient in Excel, Power BI, or Tableau for data analysis and reporting Please share your cv at surbhi.malhotra@nlbtech.com

Key Responsibilities: 1. IT Control Testing and Evaluation: Plan and execute control testing of ITGCs and automated application controls. Evaluate design and operating effectiveness of controls related to: User access management (IAM) Change management System development lifecycle (SDLC) Backup & recovery IT operations and infrastructure security Document testing procedures, results, and exceptions in line with ERM standards. 2. Risk and Control Self-Assessments (RCSA): Support IT RCSA activities across technology platforms and infrastructure. Identify and assess IT risks, including cybersecurity threats and third-party/vendor risks. Collaborate with IT stakeholders to remediate identified control gaps and improve IT control posture. 3. Regulatory and Framework Compliance: Ensure alignment with regulatory requirements and industry frameworks such as: SOX (Sarbanes-Oxley) FFIEC, OCC, NIST, COBIT, ISO 27001 Monitor compliance with internal IT policies, procedures, and enterprise risk tolerance. 4. Stakeholder Engagement & Collaboration: Work closely with IT, Information Security, Compliance, and Internal Audit teams. Serve as the subject matter expert (SME) on IT control testing and risk identification. Communicate findings, risks, and recommendations clearly to technical and non-technical stakeholders. 5. Reporting and Documentation: Develop testing scripts, risk-control matrices, and evidence documentation. Prepare executive-level reports highlighting key findings, trends, and remediation status. Track control testing progress and report deviations from expected timelines or outcomes. 6. Continuous Improvement: Stay current with technology risk trends, emerging threats, and evolving compliance standards. Recommend enhancements to IT control testing methodologies, tooling, and governance processes. Key Qualifications: Education: Bachelors degree in Information Technology, Computer Science, Cybersecurity, Risk Management, or related fields. Advanced certifications are a plus. Certifications (preferred): CISA (Certified Information Systems Auditor) CRISC (Certified in Risk and Information Systems Control) CISSP, CGEIT, or ITIL certifications Experience: 810 years in IT risk management, internal audit, or control testing within financial services or technology-driven environments. Technical Skills: Strong knowledge of ITGCs, application controls, and system security principles Hands-on experience with GRC platforms (e.g., Archer, MetricStream, ServiceNow GRC) Familiarity with scripting or automation tools for testing/reporting is a plus Proficient in Excel, Power BI, or Tableau for data analysis and reporting Please share your cv at surbhi.malhotra@nlbtech.com

Key Responsibilities: 1. IT Control Testing and Evaluation: Plan and execute control testing of ITGCs and automated application controls. Evaluate design and operating effectiveness of controls related to: User access management (IAM) Change management System development lifecycle (SDLC) Backup & recovery IT operations and infrastructure security Document testing procedures, results, and exceptions in line with ERM standards. 2. Risk and Control Self-Assessments (RCSA): Support IT RCSA activities across technology platforms and infrastructure. Identify and assess IT risks, including cybersecurity threats and third-party/vendor risks. Collaborate with IT stakeholders to remediate identified control gaps and improve IT control posture. 3. Regulatory and Framework Compliance: Ensure alignment with regulatory requirements and industry frameworks such as: SOX (Sarbanes-Oxley) FFIEC, OCC, NIST, COBIT, ISO 27001 Monitor compliance with internal IT policies, procedures, and enterprise risk tolerance. 4. Stakeholder Engagement & Collaboration: Work closely with IT, Information Security, Compliance, and Internal Audit teams. Serve as the subject matter expert (SME) on IT control testing and risk identification. Communicate findings, risks, and recommendations clearly to technical and non-technical stakeholders. 5. Reporting and Documentation: Develop testing scripts, risk-control matrices, and evidence documentation. Prepare executive-level reports highlighting key findings, trends, and remediation status. Track control testing progress and report deviations from expected timelines or outcomes. 6. Continuous Improvement: Stay current with technology risk trends, emerging threats, and evolving compliance standards. Recommend enhancements to IT control testing methodologies, tooling, and governance processes. Key Qualifications: Education: Bachelors degree in Information Technology, Computer Science, Cybersecurity, Risk Management, or related fields. Advanced certifications are a plus. Certifications (preferred): CISA (Certified Information Systems Auditor) CRISC (Certified in Risk and Information Systems Control) CISSP, CGEIT, or ITIL certifications Experience: 810 years in IT risk management, internal audit, or control testing within financial services or technology-driven environments. Technical Skills: Strong knowledge of ITGCs, application controls, and system security principles Hands-on experience with GRC platforms (e.g., Archer, MetricStream, ServiceNow GRC) Familiarity with scripting or automation tools for testing/reporting is a plus Proficient in Excel, Power BI, or Tableau for data analysis and reporting Please share your cv at jyoti.gupta@nlbtec.in

EY GDS is actively seeking for IT Audit professionals to join our Technology Risk team at Kolkata, Kochi, and Trivandrum locations To qualify for the role, you must have A bachelors or masters degree and approximately 3-8 years of related work experience At least 3+ years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/MLRole & responsibilities

Job Description Title: Audit and Compliance - IT Department: Information Technology Location: Noida Position Overview: The Audit and Compliance Deputy Manager/ Manager will be responsible for planning, executing, and managing audits, risk assessments, and compliance activities related to IT systems and infrastructure. The role requires strong expertise in IT governance, risk management, cybersecurity, and regulatory compliance, with a good understanding of operational dynamics in the renewable power industry. Key Responsibilities: 1. IT Audit and Assurance Develop and execute a comprehensive risk-based IT audit plan annually, aligned with business objectives. Perform internal IT audits across infrastructure, applications, cybersecurity, and business continuity areas. Evaluate the effectiveness of internal controls, data privacy practices, cybersecurity defences, and system reliability. Prepare clear, concise, and actionable audit reports with findings, risks, and recommendations. Plan and execute SAP IT General Controls (ITGC) audits, including areas such as access management, change management, and data integrity. Identify control deficiencies, weaknesses, and risks in SAP modules and related business applications. Perform periodic audits of application controls, including role-based access controls, SOD (Segregation of Duties), and user provisioning in SAP. 2. Compliance Management Ensure compliance with industry regulations and internal IT policies, including: ISO/IEC 27001 (Information Security Management) GDPR (General Data Protection Regulation) NERC CIP (Critical Infrastructure Protection where applicable) FERC, ERCOT, and other energy regulatory bodies (as applicable) Lead IT compliance readiness initiatives for audits like ISO certifications, SOC 2, GDPR, etc. Maintain all required documentation, including compliance matrices, risk registers, and audit trails. 3. Risk Management Identify, assess, and prioritize IT risks, including cybersecurity risks specific to the renewable energy industry (e.g., SCADA systems, OT networks). Develop risk mitigation strategies in collaboration with IT Security and Business Continuity teams. Conduct regular risk assessments and vulnerability evaluations. 4. Policy and Process Development Draft, update, and enforce IT security and compliance policies, ensuring alignment with business goals and regulatory changes. Collaborate with IT teams and business stakeholders to embed compliance into system design, development, and deployment processes. 5. Incident Management and Reporting Support incident response processes from a compliance and governance perspective. Participate in investigations of IT-related breaches or non-compliance cases. Report on incidents and post-incident compliance reviews to leadership. 6. Training and Awareness Conduct IT compliance training sessions and awareness programs for employees across all levels. Promote a culture of information security, compliance, and ethical IT practices. 7. External Engagements Coordinate with external auditors, regulatory agencies, and third-party vendors during audits or compliance reviews. Manage vendor compliance for IT service providers and technology partners. Track changes in regulations and standards, assess their impact, and update processes accordingly. Prepare comprehensive audit reports with clear findings, risks, and actionable recommendations. Qualifications: Bachelor's or Master's degree in Information Technology, Computer Science, Cybersecurity, or a related field. CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent certification preferred. Minimum 7-12 years of experience in IT audit, risk management, and compliance functions. Experience working in or with the renewable energy or power sector is highly desirable. Strong understanding of IT operations, cybersecurity frameworks, and risk management principles. Knowledge of industry-specific compliance requirements (e.g., NERC CIP, FERC, ISO standards applicable to renewable power). Experience in ERP systems, SCADA systems, and IoT/OT security would be an advantage. Strong analytical, reporting, and communication skills. SAP Security or GRC Certification (advantageous) Key Skills and Competencies: Expertise in IT Audit Methodologies and Frameworks (ISACA Standards, COBIT) Strong knowledge of cybersecurity frameworks (NIST, ISO 27001, CIS Controls) Hands-on understanding of IT risk management principles Knowledge of renewable energy sector regulatory compliance (e.g., renewable energy certificates, regulatory reporting obligations) Critical thinking and strong analytical skills Excellent written and verbal communication skills Ability to work independently and collaboratively with cross-functional teams Attention to detail and a proactive mindset toward continuous improvement High level of integrity and ethical standards Preferred Certifications: Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) ISO 27001 Lead Auditor / Lead Implementer NERC CIP Certification (advantageous for power sector experience) Work Environment: Occasional travel to renewable energy project sites, regional offices, and data centres Work in collaboration with IT infrastructure, cybersecurity, energy operations, legal, and corporate compliance teams

Key Responsibilities: 1. IT Control Testing and Evaluation: Plan and execute control testing of ITGCs and automated application controls. Evaluate design and operating effectiveness of controls related to: User access management (IAM) Change management System development lifecycle (SDLC) Backup & recovery IT operations and infrastructure security Document testing procedures, results, and exceptions in line with ERM standards. 2. Risk and Control Self-Assessments (RCSA): Support IT RCSA activities across technology platforms and infrastructure. Identify and assess IT risks, including cybersecurity threats and third-party/vendor risks. Collaborate with IT stakeholders to remediate identified control gaps and improve IT control posture. 3. Regulatory and Framework Compliance: Ensure alignment with regulatory requirements and industry frameworks such as: SOX (Sarbanes-Oxley) FFIEC, OCC, NIST, COBIT, ISO 27001 Monitor compliance with internal IT policies, procedures, and enterprise risk tolerance. 4. Stakeholder Engagement & Collaboration: Work closely with IT, Information Security, Compliance, and Internal Audit teams. Serve as the subject matter expert (SME) on IT control testing and risk identification. Communicate findings, risks, and recommendations clearly to technical and non-technical stakeholders. 5. Reporting and Documentation: Develop testing scripts, risk-control matrices, and evidence documentation. Prepare executive-level reports highlighting key findings, trends, and remediation status. Track control testing progress and report deviations from expected timelines or outcomes. 6. Continuous Improvement: Stay current with technology risk trends, emerging threats, and evolving compliance standards. Recommend enhancements to IT control testing methodologies, tooling, and governance processes. Key Qualifications: Education: Bachelors degree in Information Technology, Computer Science, Cybersecurity, Risk Management, or related fields. Advanced certifications are a plus. Certifications (preferred): CISA (Certified Information Systems Auditor) CRISC (Certified in Risk and Information Systems Control) CISSP, CGEIT, or ITIL certifications Experience: 810 years in IT risk management, internal audit, or control testing within financial services or technology-driven environments. Technical Skills: Strong knowledge of ITGCs, application controls, and system security principles Hands-on experience with GRC platforms (e.g., Archer, MetricStream, ServiceNow GRC) Familiarity with scripting or automation tools for testing/reporting is a plus Proficient in Excel, Power BI, or Tableau for data analysis and reporting Please share your cv at surbhi.malhotra@nlbtech.com

Key Responsibilities: 1. IT Control Testing and Evaluation: Plan and execute control testing of ITGCs and automated application controls. Evaluate design and operating effectiveness of controls related to: User access management (IAM) Change management System development lifecycle (SDLC) Backup & recovery IT operations and infrastructure security Document testing procedures, results, and exceptions in line with ERM standards. 2. Risk and Control Self-Assessments (RCSA): Support IT RCSA activities across technology platforms and infrastructure. Identify and assess IT risks, including cybersecurity threats and third-party/vendor risks. Collaborate with IT stakeholders to remediate identified control gaps and improve IT control posture. 3. Regulatory and Framework Compliance: Ensure alignment with regulatory requirements and industry frameworks such as: SOX (Sarbanes-Oxley) FFIEC, OCC, NIST, COBIT, ISO 27001 Monitor compliance with internal IT policies, procedures, and enterprise risk tolerance. 4. Stakeholder Engagement & Collaboration: Work closely with IT, Information Security, Compliance, and Internal Audit teams. Serve as the subject matter expert (SME) on IT control testing and risk identification. Communicate findings, risks, and recommendations clearly to technical and non-technical stakeholders. 5. Reporting and Documentation: Develop testing scripts, risk-control matrices, and evidence documentation. Prepare executive-level reports highlighting key findings, trends, and remediation status. Track control testing progress and report deviations from expected timelines or outcomes. 6. Continuous Improvement: Stay current with technology risk trends, emerging threats, and evolving compliance standards. Recommend enhancements to IT control testing methodologies, tooling, and governance processes. Key Qualifications: Education: Bachelors degree in Information Technology, Computer Science, Cybersecurity, Risk Management, or related fields. Advanced certifications are a plus. Certifications (preferred): CISA (Certified Information Systems Auditor) CRISC (Certified in Risk and Information Systems Control) CISSP, CGEIT, or ITIL certifications Experience: 810 years in IT risk management, internal audit, or control testing within financial services or technology-driven environments. Technical Skills: Strong knowledge of ITGCs, application controls, and system security principles Hands-on experience with GRC platforms (e.g., Archer, MetricStream, ServiceNow GRC) Familiarity with scripting or automation tools for testing/reporting is a plus Proficient in Excel, Power BI, or Tableau for data analysis and reporting Please share your cv at surbhi.malhotra@nlbtech.com

Role detail 4 to 8 years of experience in assurance, information security, vendor/ supplier/ third party risk assessment Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulations Experience in assessing emerging technologies such as robotics, IOT, DLT, Social, Mobile etc., Exposure to TPRM specific regulations (FED, MAS, OCC, etc.), Exposure in assessing different third parties e.g. Brokers, Exchanges, etc., Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa etc, Strong Auditing skills is desired, experience in IT Compliance, ITGC testing, and Assurance is a plus Strong problem solving and logical approach skills Excellent written and verbal communication skills Consistent display of technical proficiency Ability to work well in teams Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example CISA/ CISSP/ CISM/ISO27001 LA / LI / Cloud security certificates Prior exp in IT Audit, SOC 1, SOC 2 Qualifications: Bachelors degree in computer science or related field Excellent communication and team collaboration skills

Job description You'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And were counting on your unique voice and perspective to help become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Technology Risk As part of our Technology Risk team you'll contribute technically to IT Risk and Assurance client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. Youll also identify potential business opportunities for within existing engagements and escalate these as appropriate. Similarly, youll anticipate and identify risks within engagements and share any issues with senior members of the team. The Opportunity Were looking for Manager level to join the leadership group of our Assurance- Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your key responsibilities are to Manage and lead a team of SAP staff and seniors on SAP projects, ensuring adherence to project timelines and quality standards. Counselling the team members with the SAP related queries, latest updates on relevant applicable standards. Preparing and sharing the proposal & pursuits for SAP engagements. Performing budget vs actual analysis and ensure complete utilisation of the team members throughout the engagement. Regular connects with onshore counterparts to ensure the deliverables are meeting expectations & standards, creating opportunities basis skill sets. Managing schedules of the team members based on the project requirements, skills, scope of work. Participate in designing, developing, and implementing SAP solutions to meet business requirements effectively and effectively. Contribute to the SAP CoE team as a key member and assist with facilitating practice wide training (SAP ITGC/ SAP ITAC /SAP Pre & Post Implementation) curriculum. Work closely with onshore, cross-functional teams and develop strong relationships as project manager across the organisation. Stay updated with and promote awareness of updated ERP versions & its functionalities, industry best practices. Active team member executing project management/ stakeholders management (Client, Assurance, onshore) Provide quality deliverables with value addition on the engagements and is known as SMR across organization. Skills and attributes for success Excellent project management, time management, managerial and leadership skills. Experience in reviewing and testing of SAP S4 Hana / SAP ECC IT general controls (ITGC) for key domains such as access management, change management, computer operations, SDLC (System Development Life Cycle) Experience in reviewing and testing SAP S4 Hana / SAP ECC security & configurations such as debugging, client settings, etc. Experience in performing pre & post implementation reviews in SAP S4 Hana / SAP ECC environment and have been through S4 Hana/ ECC lifecycle & performing migration testing. Knowledge and understanding of the TCode, tables used to extract the data from SAP S4 Hana / SAP ECC with relation to ITGC and ITAC testing. Knowledge and understanding of SAP S4 Hana / SAP ECC user access security architecture (Roles, profiles, Authorisation objects) Experience in testing of firefighter controls in SAP S4 Hana / SAP ECC and GRC. Experience in reviewing and testing the Operating System (OS) and Hana Database (DB) controls in SAP S4 Hana / SAP ECC environment. Experience of working with other SAP applications such as GRC, Fiori, BW, BI, Ariba, Concur, Success Factor, VIM, Vistex. Experience in evaluation and testing of sensitive access and SOD (Segregation of Duties) across key business and IT process in SAP S4 Hana / SAP ECC and GRC environment. Experience in SAP GRC access control (AC) & process control (PC), financial compliance management (FCM). Experience in performing the walkthrough (Test of design) directly with the client, Operating Effectiveness and have knowledge of the financial statements assertions. Knowledge and understanding of the auditing methodology. Experience in reviewing and interpretation the ABAP codes with relation to the control testing for ITGCs and ITACs in SAP S4 Hana / SAP ECC environment. Experience in reviewing and testing the key reports ensuring the risks (completeness & accuracy) related to IPEs (Information Produced by Entity) are addressed. Knowledge and experience of industry specific SAP S4 Hana / SAP ECC modules. Knowledge of SAP S4 Hana / SAP ECC standard functionalities in relation to business and IT controls. Experience in reviewing and testing the key business process configurations (ITACs) in SAP S4 Hana / SAP ECC environment. Having strong knowledge of SAP S4 Hana / SAP ECC configurations (e.g., 3-way match, copy controls) is must. Experience in testing of interface controls between multiple systems and middleware controls. Experience in IT audit in the context of a financial audit & related regulations, auditing standards and guidelines. Knowledge and understanding of control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX. Knowledge and understanding of common IT governance, control, and assurance industry frameworks, including COBIT and ISACA best practices. Knowledge and understanding of third-party attestation standards (particularly SSAE16/18), other reporting and industry specific standards. To qualify for the role, you must have B.E/B.Tech (CS/ IT)/MBA, CA with at least 1+ years of experience. SAP S4 Hana / SAP ECC functional modules/ ABAP/ Security Certification (Preferred) CISA certified (Preferred) ISO 27001:2013 certified (Preferred) Any other relevant certification (Preferred) What we look for A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment. Opportunities to work with technology risk practices globally with leading businesses across a range of industries. What we offer Were dedicated to helping our clients, from startups to Fortune 500 companies. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way thats right for you.

Position Overview: We are seeking a proactive IT GRC professional to strengthen our governance, risk, and compliance framework. This role involves ensuring regulatory compliance, conducting IT risk assessments, managing audits, and driving policy implementation across technology functions. Ideal candidates will have a strong understanding of SEBI, RBI, and other regulatory guidelines relevant to the broking industry, along with hands-on experience in IT controls, cyber risk, and compliance reporting. Role & responsibilities: Implement, and maintain IT GRC frameworks, policies, procedures, and controls. Tracking compliance / regulatory requirements and ensure on timely reporting and closure. Maintain and Update Technology activity tracker. Drafting of documentations likes policy, procedure and SOPs, reports. Co-ordinating with various teams for receipt of timely data/ information to various regulatory authorities. Managing IT/ Technology audit like System Audit, IT General Controls audit, and other technology compliances etc. Facilitates audits, coordinate with various internal and external stakeholders for audit related data. Liaising with auditors for any follow-up actions etc. Managing ISO 27001:2022, ISO 22301: 2019 internal and external audits, along with preparedness and review of relevant documentation. Knowledge of Application Security, Vulnerability Assessment and Penetration Testing. Co-ordinate with various technology teams for closure of observations. Evaluating the best industry practice followed and identify the various process improvements and implementations. Preferred candidate profile: 1) 6 to 10 years of experiences in Information Technology infrastructure, IT audits. 2) Experience in managing information technology management, GRC, System, ISO 27001:2022, ISO 22301: 2019, ITGC audit. 3) Candidate should have Good knowledge of SEBI, RBI, CERT- IN, and other regulatory guidelines and framework. 4) Good interpersonal, communication, documentation, presentation skills and problem solving skills.

EYGDS is actively seeking seasoned ITGC SAP professionals to join our team. Experience required - 3 to7 years Locations - Gurgaon, Bangalore, Pune, Chennai, Noida, Pune, Kochi, Trivandrum & Kolkata Required Skills: Experience in reviewing and controls testing of SAP S4 Hana / SAP ECC including IT general controls (ITGC) and IT Application Controls (ITAC) pre & post implementation reviews migration testing. Security & configurations such as debugging, client settings, etc. Understanding of the TCode, tables used to extract the data from SAP S4 Hana / SAP ECC with relation to ITGC and ITAC testing. Understanding of SAP S4 Hana / SAP ECC user access security architecture (Roles, profiles, Authorization objects). Good to have certifications on SAP S4Hana/ SAP ECC security or business modules, CISA, CISSP

Corporate IT Security and Governance, exp. in Information Security, ISO 27001 Implementation , Documentation. risk assessment , 2nd Line of Defense , Control Review, Control Testing, ITGC controls. ,corporate policies and procedures, GAP Analysis,