2.0 - 5.0 years
6 - 9 Lacs
Bengaluru
Remote
Lead and support IT compliance audits and assessments aligned with ISO 27001 and SOC 2 standards. Understanding of regulatory compliance standards, such as GDPR, HIPAA, PCI-DSS, or ISO 27001. Understanding of cloud platforms (AWS, Azure, or Google Cloud).
Posted 1 week ago
5.0 - 10.0 years
18 - 22 Lacs
Mumbai, Navi Mumbai, Mumbai (All Areas)
Work from Office
Looking for a candidate with 5+ years of experience in IT Audit, Risk Management, and Compliance within Banking/NBFCs. Must have expertise in COBIT, NIST, RBI guidelines, ISO standards, IT systems and risk assessments. CISA certification is a must.
Posted 2 weeks ago
7.0 - 12.0 years
25 - 30 Lacs
Bengaluru
Work from Office
Lead GRC, risk assessment, and implementation. Strong in ISO 27001, PCI, PSS, SOC 2, IRDAI. Ensure compliance, audits, awareness. Design InfoSec strategies aligned with ISO, NIST, RBI, SEBI to enhance cybersecurity and meet regulations.
Posted 2 weeks ago
5.0 - 10.0 years
40 - 70 Lacs
Bangalore Rural, Bengaluru
Hybrid
Responsibilities: Design and implement secure frameworks and features (e.g., Passkeys). Collaborate with Security & Engineering to drive roadmap execution. Lead architecture decisions and participate in security-focused code reviews. Break down complex problems into agile deliverables. Mentor junior engineers and champion security best practices. Ensure secure, scalable solutions for internal tools and customer-facing products. Requirements: 5+ years in software engineering with leadership responsibilities. Proficient in Java (Spring), JavaScript/TypeScript, React, and CI/CD pipelines. Experience with Docker, Kubernetes, AWS, and IaC tools (Terraform, Ansible, etc.). Knowledge of authentication (SAML, JWT, OIDC), authorization, cryptography, and app security. Familiarity with security compliance (PCI DSS, SOC2, HIPAA, FedRAMP) is a plus. Strong communication and cross-functional collaboration skills.
Posted 2 weeks ago
10.0 - 20.0 years
10 - 20 Lacs
Bengaluru
Remote
Job Description: IT GRC Analyst I Department: Information Technology Reports To: Senior IT GRC Analyst Location: 100% Remote Experience: 10+ Years Job Summary: We are seeking a dedicated IT GRC (Governance, Risk, and Compliance) Analyst I to join our dynamic IT team. The primary responsibility of this entry-level role is to assist in ensuring that IT operations are in compliance with regulatory requirements and internal policies, with a particular emphasis on supporting Sarbanes-Oxley (SOX) audits. The IT GRC Analyst I will support risk assessments, policy development, compliance monitoring activities, and SOX audit preparations. Key Responsibilities:* Assist in the development, implementation, and maintenance of IT policies and procedures. Conduct regular risk assessments and audits to ensure compliance with regulatory standards and internal policies, with a focus on SOX controls. Support the IT team in identifying, evaluating, and mitigating IT risks. Monitor compliance with security policies and procedures to ensure a secure environment. Collaborate with different departments to ensure integrated risk management practices. Assist in preparing and executing SOX IT control reviews, documenting compliance efforts, and maintaining records of SOX controls. Provide support in responding to internal and external SOX audits and regulatory assessments. Recommend improvements to SOX controls and processes to enhance the overall security posture. Maintain up-to-date documentation of IT GRC activities, compliance reports, and SOX audit evidence. Qualifications: Bachelor's degree in Information Technology, Computer Science, or a related field. Basic understanding of IT GRC principles, regulatory requirements, risk management frameworks, and SOX compliance. Strong analytical and problem-solving skills. Excellent written and verbal communication skills. Ability to work collaboratively in a team environment. 
Basic knowledge of security standards (e.g., ISO 27001, NIST, GDPR, HIPAA) and SOX compliance requirements is a plus. Relevant certifications (e.g., CISA, CRISC, CISSP) are desirable but not required for entry-level applicants. Experience: Entry level; 0-2 years of experience in IT risk management, compliance, or a related field, preferably with exposure to SOX compliance activities.
Posted 2 weeks ago
12.0 - 14.0 years
0 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
Introduction About IBM IBM is a global technology and innovation company. It is the most extensive technology and consulting employer globally, with a presence in 170 countries. The diversity and breadth of the entire IBM portfolio of research, consulting, solutions, services, systems and software, distinguishes IBM from other companies in the Industry. Over the past 100 years, a lot has changed at IBM. In this new era of Cognitive Business, IBM is helping to reshape industries as diverse as healthcare, retail, banking, travel, manufacturing, and many more, by bringing together our expertise in Cloud, Analytics, Security, Mobile, and the Internet of Things. We like to say, be essential. We are changing how we craft, how we collaborate, how we analyze, how we engage. Join the next generation of innovators, inventors, and entrepreneurs who are crafting the very way the world works. We want the brightest minds doing work that encourages an environment where growth is supported. IBMers get to discover their potential, so they're inspired to build breakthroughs that help our clients succeed. We're building teams with dynamic strengths with people who want their ideas to matter. Join us - you'll be proud to call yourself an IBMer. Our Culture: IBM is committed to crafting a diverse environment and is proud to be an equal opportunity employer. You will receive consideration for employment without regard to your race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Your role and responsibilities Minimum of 12 years of relevant compliance experience and cybersecurity knowledge 10+ years of security compliance audit experience would be important Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk Required education Bachelors Degree Preferred education Doctorate Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge 10+ years of security compliance audit experience would be important Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain 
compliance and reduce risk
Posted 2 weeks ago
9.0 - 14.0 years
8 - 18 Lacs
Hyderabad, Chennai, Bengaluru
Hybrid
Role & responsibilities General description of the role: Minimum 8 years of experience in managing security audits, such as ISO 27001, HIPAA, SOC 1, SOC2, PCIDSS, including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors. In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO, or HIPAA, PCIDSS audits, reviewing control evidence for completeness and accuracy, and ensuring evidence provided to auditors satisfies control requirements. Ability to plan and lead meetings with control owners and external auditors. Ability to clearly define control requirements to control owners or explain control evidence to external auditors. Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function. Assist in testing and verification of all controls and formulating reports documenting findings. Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures. Work closely with internal business teams to assist in the identification and assessment of potential security risks, and establish risk owners, ratings, and management action plans.
Ensure continuity of compliance with ISO27001 and ISO 22301, PCI DSS, HIPAA, GDPR Analyse potential impact of new threats and communicates risks to relevant business units Manage security operations, analyse security exceptions, gather necessary background information, document exceptions and ensure that the risk is recognized and managed with compensating controls Provide orientation to Business Units on Risk Assessment, Business Continuity Plan and Business Impact Analysis Facilitate in preparation of Business continuity plan for each project and functions Conduct internal ISMS and BCMS audits and identify potential gaps in the system Prepare detailed and summary reports of assessments, remediation plans as needed and advise internal stakeholders Report the audit findings on the potential weakness in the system and areas of improvement Preferred candidate profile Top 5 Skill Set Hands-on experience with security technologies Experience in Information security and business continuity internal audits Strong Knowledge in risk management, ISO 27001, ISO 22301 PCI DSS, HIPAA, GDPR, SOC 2 Knowledgeable in security concepts, techniques, tools, methods, and practices Good technical in cyber security products Individually to perform the technical audits
Posted 2 weeks ago
5.0 - 10.0 years
14 - 24 Lacs
Mumbai, Mumbai Suburban, Navi Mumbai
Work from Office
Looking for a candidate with 5–8 years of experience in IT Audit, Risk Management, and Compliance within Banking/NBFCs. Must have expertise in COBIT, NIST, RBI guidelines, ISO standards, IT systems and risk assessments. CISA certification is a must.
Posted 3 weeks ago
2.0 - 4.0 years
3 - 4 Lacs
Chandigarh
Work from Office
The candidate will have a background in compliance frameworks such as SOC 2, GDPR, HIPAA, and GRC. You will play a role in conducting assessments, managing compliance programs, and ensuring our organization industry regulations and standards.
Posted 3 weeks ago
8.0 - 13.0 years
8 - 13 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
Overview The Cybersecurity Governance, Risk, Compliance (GRC) Senior Analyst position is responsible for managing risks related to information security, privacy, governance, vendor security assurance, policy, and compliance. Contributes to preserving the high standards of confidentiality, integrity, and availability of EagleView mission-critical information. Conducts Cybersecurity risk assessments, evaluates controls, and provides feedback to management and process owners on the design and effectiveness of control processes. Implements and maintains on-going programs and processes to test the design and operational effectiveness of security controls. Responsible for ensuring IT assurance and compliance related activities are completed in accordance with industry standards and regulatory requirements. The position reports to the Manager, GRC, and is responsible for executing the key functions of information risk management, security compliance, governance, and information security assurance. Primary Responsibilities In these roles, you are part analyst, engineer, and advisor. You have the ability to ramp up quickly into a solid, productive member of the Security GRC team. You are organized and have the ability to innovate and automate as we continually look to improve our processes and tools. You may own process areas, projects, or technologies for governance, risk and compliance purposes. You create and maintain relationships with business and technical experts through the company who provide expertise in security requirements and solution management. You are expected to work independently while still asking for help on some areas. You are a bridge builder helping to coordinate and bring together various parts of the organization around a common process through the use of tools, and communications channels. Ensure compliance with laws, regulations, and industry standards, and compliance programs (e.g. 
SOC2, PCI, ISO 27001, NIST 800-X) Create processes to support effective risk identification, evaluation, communication, and remediation Participate in Risk Management Committee meetings Work with risk owners to develop plans of action to reduce or mitigate risks Analyzes security controls for effectiveness of design by evaluation of control documentation and process Analyzes security controls for operational effectiveness by evaluation of control evidence Contribute to corporate information risk management strategy, policies, standards, and tactical plans Contributes to a comprehensive internal security audit program that validates existing security controls Contribute to the company-wide security awareness program and compliance training Coordinate annual enterprise risk assessment and PCI-self assessment activities Ensure all systems, processes, and changes are formally documented Works closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure security compliance Maintains the Risk Register and support processes to define and measure risks, then plan risk responses with company leadership Ability to work collaboratively with internal and external departments, vendors, and other key stakeholders Skills/Requirements Required Knowledge, Skills and Experience: Bachelor's degree in a technology or business-related field (BSc or BBA preferred) 8 years overall experience in Information Security, Risk Management, or IT audit 5 years of hands-on experience supporting one or more of the following programs: Risk Management Vendor Risk Management Security Audits and Compliance (especially SOC2) Vulnerability Management Understanding of controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls Working knowledge of business and risk assessment methodologies/mitigation strategies using 
industry standards (e.g., COBIT, ITIL, ISO 27001:2013, NIST, OWASP, etc.) Very high attention to detail, with strong skills in managing/presenting data and information Very strong skills in documentation, including policies, standards, processes and procedures Ability to work independently and productively without constant supervision Critical thinking and analytical ability Excellent verbal and written communication skills Preferred Knowledge, Skills and Experience: Certification such as SANS GIAC, CISA, or CISSP preferred Previous experience in a software development company is preferred Experience using a GRC management platform (e.g. Archer, ZenGRC, etc.)
Posted 3 weeks ago
3.0 - 6.0 years
10 - 15 Lacs
Bengaluru
Work from Office
Manage IT audits (SOX, ITGC), ensure quality delivery, review testing docs, identify process gaps, prepare reports, handle clients, guide juniors, support proposals, and improve engagement productivity. Required Candidate profile: Looking for 3–5 yrs exp in IT audits (SOX, ITGC), risk assessment, SOC1/2, with strong MS Office skills, good communication, and CISA/BE/B.Tech/MBA/MCA background. Big 4 experience preferred.
Posted 3 weeks ago
10 - 15 years
25 - 35 Lacs
Kolkata, Hyderabad, Bengaluru
Work from Office
Hi, Greeting for the Day!!! We found your profile suitable for the below opening, kindly go through the JD and reach out to us if you are interested. About Us Incorporated in 2006, We are an 18 year old recruitment and staffing company, we are a provider of manpower for some of the fortune 500 companies for junior/ Middle/ Executive talent. About Client Hiring for One of the Most Prestigious Multinational Corporations! Job Description Job Title : ITGC Trainer/Manager Qualification : Any Graduate or Above Relevant Experience : 10-15yrs Essential Duties and Responsibilities : Serve as an IT General Controls (ITGC), IT Application Controls (ITAC), Interfaces and Key Reports trainer, providing high-quality training sessions to users. Must have experience in conducting IT Audits and fundamentals training covering Domains such as Access Management, Change Management, SDLC, IT Operations, Interfaces, and Application Controls (Configurable, Non-configurable), Interfaces, IPEs, Data Migration and Platform. Must have experience in conducting Advanced Technology based IT Audit trainings (SAP, Oracle, Cloud and Dev-Ops). Must have experience in SOC1/ SOC2. Must have hands on experience working on at least ITGC, ITAC, IPE and experience in the following modules will be an added advantage: IT Service Management, IT Asset Management, Physical Security. Design, create, edit, and publish engaging learning content in various formats. Develop and maintain knowledge content within the team for easy consumption by end users. Ensure training aligns with the best practices in the industry and PCAOB guidelines. Ability to create visually appealing slides with clear, concise, and relevant information, using appropriate graphics and animations. Use interactive elements such as Q&A, polls, or discussions to maintain audience interest and participation.
Location : Kolkata/Bangalore/Hyderabad CTC Range : 25 to 35LPA (Lakhs Per Annum) Notice period : Immediate/serving Notice period/60 days Mode of Interview : VIRTUAL Mode of Work : Hybrid Prerna IT Staffing Analyst Black and White Business solutions PVT Ltd Bangalore, Karnataka, INDIA 8067432409 I prerna@blackwhite.in I www.blackwhite.in
Posted 1 month ago
7 - 12 years
25 - 35 Lacs
Noida, Chennai, Bengaluru
Hybrid
GRC professional with good understanding of industry frameworks and standards 2. In-depth experience on Third-Party Risk Management a. Evaluating third party's cybersecurity control and ensuring they are in compliance with organizations standards and industry best practices b. Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis c. Articulate risks and potential options for remediation or compensating controls d. Understand inherent risk assessment e. Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility 3. Strong business and communication skills 4. Experience in driving meetings with stakeholders 5. Provide advisory and consulting to client on new trends and challenges in enterprise risk management area 6. Experience in design and development of information security policies, standards, and guidelines 7. Experience on SIG (shared assessments), ISO 27001, NIST framework, SOC 1, SOC2, ISO 27001 and HIPAA 8. Lead and drive meeting with top management 9. Design / modify Contract security language / security clauses 10. Co-ordinate and negotiate security clauses with Procurement team and Supplier 11. Experience on GRC platforms 12. Client interface for understanding the IT Governance, IT Risk & Compliance Management Controls as applicable to Infrastructure operations 13. Well versed and hands-on experience for establishing processes, controls and audits of compliances like HIPAA, CFR, PCI DSS & SOX ITGCs. 14. Documentation of as-is IT & Risk management Controls as they are currently being executed in client environment and ensuring that the same controls are followed and implemented in service delivery operations 15. Work with the client & technical teams for change request on any risk or control implementation as well as governance process 16. 
Participate in internal as well as external regulatory as well as IT security audits. Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security
Posted 1 month ago
8 - 13 years
0 - 0 Lacs
Hyderabad
Hybrid
Qualification and Minimum Entry Requirements B.Tech (IT/CSE) with 8+ Years of relevant experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls and ERP Audits. Candidate should have intermediate knowledge of financials, operations and technology and its related risks Candidate should have good knowledge for SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security and risk management frameworks/ standards (ISO 27001, NIST, COBIT, ITIL, PCI.) Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP) Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word and PowerPoint MS Visio skills to develop process and data flow diagrams Strong multi-tasking and project management skills Excellent verbal and written communication (English) as this is a client facing role and it requires frequent communications with RSM International clients. Position and Key Responsibilities As a Manager in RSM's growing Technology Risk Consulting, you will have the opportunity to develop into a seasoned consultant through a high degree of client and industry exposure, career development and mentorship opportunities, and a diverse and inclusive culture. The fast-paced and dynamic environment in which we operate will provide you with daily challenges and exciting opportunities. In the Technology Risk Consulting Practice, our consultants help our clients with design and optimization of controls utilizing a general knowledge of business processes, accounting, and information technologies by identifying and prioritizing risk and transform their technology risk management and assurance capabilities to be aligned to the key risks and strategies of their organization.
Develop an understanding of the RSM Technology Risk Consulting approach, methodology and tools Develop an understanding of the Industry leading frameworks and methodologies for Sarbanes-Oxley, COBIT, NIST and ITIL Demonstrate understanding of business processes, internal control risk management, IT controls, and related regulatory and compliance standards Perform technology risk assessments and reviewing, documenting, evaluating control’s design and operating effectiveness, IT internal audit consulting activities (internal audits over ERP systems, IT security, and other IT systems), perform external audit assurance activities, and perform service organization control services activities related to SSAE18 SOC 1 and SOC 2 reporting services Performing risk analysis by reviewing the information security policy documents against industry standards/ regulatory requirements and drafting risk reports, which summarize the information security assessment including any risks to the organization Perform first level review of associates work for accuracy, completeness, and well-reasoned conclusions Review and complete status documents for client delivery Execute components of IT audits under offshore delivery model in an effective and efficient manner Use problem solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw the appropriate conclusions to best advise our clients Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, supervisors, and senior management in the U.S. 
on a daily basis Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients Provide timely, high quality client service that meets or exceeds client expectations including coordinating the development and execution of the consulting work plan and client deliverables Understand RSM US and RSM Delivery Center's LOB’s and work as a team in providing an integrated service delivery Ensure professional development through ongoing education
Posted 1 month ago
- 5 years
7 - 14 Lacs
Gurugram
Work from Office
As a part of RSM's growing Technology Risk Consulting, you will have the opportunity to develop into a seasoned consultant through a high degree of client and industry exposure, career development and mentorship opportunities, and a diverse and inclusive culture. The fast-paced and dynamic environment in which we operate will provide you with daily challenges and exciting opportunities. In the Technology Risk Consulting Practice, our consultants help our clients with design and optimization of controls utilizing a general knowledge of business processes, accounting, and information technologies by identifying and prioritizing risk and transform their technology risk management and assurance capabilities to be aligned to the key risks and strategies of their organization. Qualification and Minimum Entry Requirements Job Description B.Tech(CSE/IT)/MCA/MBA/CA with 0-5 Years of relevant experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls and ERP Audits. Candidate should have intermediate knowledge of financials, operations and technology and its related risks Candidate should have good knowledge for SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security and risk management frameworks/ standards (ISO 27001, NIST, COBIT, ITIL, PCI.) Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP) Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word and PowerPoint MS Visio skills to develop process and data flow diagrams Strong multi-tasking and project management skills Excellent verbal and written communication (English) as this is a client facing role and it requires frequent communications with RSM International clients.
Position and Key Responsibilities Develop an understanding of the RSM Technology Risk Consulting approach, methodology and tools Develop an understanding of the Industry leading frameworks and methodologies for Sarbanes-Oxley, COBIT, NIST and ITIL Demonstrate understanding of business processes, internal control risk management, IT controls, and related regulatory and compliance standards Perform technology risk assessments and reviewing, documenting, evaluating controls design and operating effectiveness, IT internal audit consulting activities (internal audits over ERP systems, IT security, and other IT systems), perform external audit assurance activities, and perform service organization control services activities related to SSAE18 SOC 1 and SOC 2 reporting services Performing risk analysis by reviewing the information security policy documents against industry standards/ regulatory requirements and drafting risk reports, which summarize the information security assessment including any risks to the organization Perform first level review of associates work for accuracy, completeness, and well-reasoned conclusions Review and complete status documents for client delivery Execute components of IT audits under offshore delivery model in an effective and efficient manner Use problem solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw the appropriate conclusions to best advise our clients Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, supervisors, and senior management in the U.S. 
on a daily basis Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients Provide timely, high quality client service that meets or exceeds client expectations including coordinating the development and execution of the consulting work plan and client deliverables Understand RSM US and RSM Delivery Center's LOB’s and work as a team in providing an integrated service delivery Ensure professional development through ongoing education Preferred candidate profile
Posted 1 month ago
7 - 12 years
15 - 30 Lacs
Bengaluru, Bangalore Rural
Hybrid
Job Requirements Design and execute the day-to-day activities of Information Technology (IT) audit engagements, with a focus on strategic, operational and regulatory/compliance related risks Plan activities related to development of audit program, and execution of internal audits and IT control assessments in the following areas: cybersecurity, IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cloud and third party risk, programs and projects, automation, General Information Technology Controls (GITCs) and application controls, and regulatory/compliance requirements Review clients' processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client management Contribute to IT Audit knowledge base and internal practice development initiatives Supervise and provide performance management for IT audit staff working on assigned engagements Write and present clear and concise reports and presentations containing meaningful observations and recommendations to clients, and document procedures performed and conclusions reached related to projects Support proposal and business development activities by assisting in the identification of new target clients, building business relationships with key executives, and developing/presenting proposals Provide oversight and leadership to team members regarding deliverables, project plans, and performance management while contributing to industry and regulatory publications, writing professional and thought leadership articles, and speaking at related conferences and seminars Mandatory technical & functional skills Bachelor's degree in an appropriate field from an accredited college/university; Master's degree from an accredited college/university is preferred Prior knowledge leading and executing risk-based IT-related internal audits and/or risk 
and control assessments, leveraging IT governance and control frameworks such as COBIT, NIST CSF, NIST 800-53, and ITIL and proficiency in core requirements and methodologies for SOX internal control programs Experience with IT Risk Management and three lines of defense frameworks CISA, PMP, CISSP or CRISC certification is preferred Key behavioral attributes/requirements Ability to work well independently as well as part of a team Driven and enthusiastic with a can-do attitude and a strong sense of ownership to get the job done in a pragmatic fashion
Posted 1 month ago
7 - 12 years
10 - 20 Lacs
Bengaluru
Work from Office
8+ Years of exp in Database Technologies: AWS Aurora-PostgreSQL, NoSQL, DynamoDB, MongoDB, Erwin data modeling. Exp in pg_stat_statements, Query Execution Plans. Exp in Apache Kafka, AWS Kinesis, Airflow, Talend. AWS Exp in CloudWatch, Prometheus, Grafana. Required Candidate profile: Exp in GDPR, SOC2, Role-Based Access Control (RBAC), Encryption Standards. Exp in AWS Multi-AZ, Read Replicas, Failover Strategies, Backup Automation. Exp in Erwin, Lucidchart, Confluence, JIRA.
Posted 2 months ago
1 - 3 years
0 - 2 Lacs
Kochi, Gurgaon, Kolkata
Hybrid
Role - ITGC Location - Gurgaon, Kochi, Kolkata, Noida, Bengaluru, Chennai, Pune Exp - 1-3 Years To qualify for the role, you must have Preferably B.E/B.Tech (Computers, Electronics, Data Analytics), BCA/MCA, B.Sc/M.Sc. (computers major), MBA, CA. Must Have 1-3 years of hands-on internal/external IT Audits At least one - IT General Controls, IT Automated Controls, and Service Organization Controls Reporting (SOCR - SSAE 16 / ISAE 3402) SOC 1, 2, & 3 Reporting Able to perform independent security configuration review of common operating systems and databases - Windows, Unix, DB2, AS400, SAP R3ECC/HANA, Mainframe, SQL, Oracle. Knowledge of documentation and data analysis tools like Word, Excel, Access, Strong English verbal and written communication skills. Nice to have CISA, CISM, CRISC, ISO27001, Data privacy certifications IT audit knowledge for a financial audit - Control frameworks such as COSO, related regulations including SOX and J-SOX Data analytics/automation tool SQL, Monarch, BluePrism, Alteryx, PowerBI German/Dutch/French language is an added advantage.
Posted 2 months ago
3 - 6 years
1 - 3 Lacs
Bengaluru, Gurgaon, Kolkata
Hybrid
Role - ITGC - Senior Location - Gurgaon, Kochi, Kolkata, Noida, Bengaluru, Chennai, Pune Exp - 3-6 Years To qualify for the role, you must have Preferably B.E/B.Tech (Computers, Electronics, Data Analytics), BCA/MCA, B.Sc/M.Sc. (computers major), MBA, CA. Must Have 3-6 years of hands-on internal/external IT Audits At least one - IT General Controls, IT Automated Controls, and Service Organization Controls Reporting (SOCR - SSAE 16 / ISAE 3402) SOC 1, 2, & 3 Reporting Able to perform independent security configuration review of common operating systems and databases - Windows, Unix, DB2, AS400, SAP R3ECC/HANA, Mainframe, SQL, Oracle. Knowledge of documentation and data analysis tools like Word, Excel, Access, Strong English verbal and written communication skills. Nice to have CISA, CISM, CRISC, ISO27001, Data privacy certifications IT audit knowledge for a financial audit - Control frameworks such as COSO, related regulations including SOX and J-SOX Data analytics/automation tool SQL, Monarch, BluePrism, Alteryx, PowerBI German/Dutch/French language is an added advantage.
Posted 2 months ago
5 - 8 years
5 - 8 Lacs
Bengaluru
Work from Office
Key Responsibilities Solid experience in AWS IaaS deployment Pipelines, IAM, VPCs, Security Groups, VPN, microservices, CloudTrail, etc. Knowledge of Amazon Web Services such as EC2, S3, SQS, Route53, Amplify, DynamoDB, Neptune. Experience in developing or administering the security of AWS cloud environments. Experience in cross-account deployment of resources using Pipelines, CodeCommit, CodeBuild. Practical knowledge of several security practices in SDLC and supporting IT security tools. Improve existing monitoring to provide end-to-end observability of our platform. Scale our platform and processes to continue serving our growing customer base Define and implement disaster recovery processes Automation scripting skills - Python or equivalent Build & support Site Reliability function & participate in building tools to report system KPIs Deliver tasks based on project objectives; technically support projects through to completion Must be able to work independently or with a team, under minimum supervision Articulate verbal and written communication Eagerness to share knowledge across engineering teams Has worked in a fast paced, dynamic environment Qualifications Bachelors or Master’s degree in Computer Science, a related field, or equivalent work experience Minimum of 4+ years of experience Prior experience working in an SRE/DevOps/Cloud Engineering role on a cross-functional agile team Experience working with industry standards or programs such as SOC2, ISO, HITRUST is a plus AWS Certification, CISSP, Security+ is a plus Ability to improve automation through the CI/CD pipeline through analysis of the current process using tools Experience developing deployment strategies for SaaS applications Additional Information At Privaini Software India Private Limited, we value diversity and always treat all employees and job applicants based on merit, qualifications, competence, and talent. 
We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Posted 2 months ago
2 - 4 years
4 - 9 Lacs
Noida
Work from Office
Summary: The Sr. Executive Audit and Compliance is responsible for leading and managing the implementation of ISO 27001 and SOC2 Type2 across the organization. This includes developing and implementing an Information Security Management System (ISMS), conducting risk assessments, conducting internal audits, compliance monitoring, policy development, incident response and supporting and managing the certification process, BCP and DR activities Essential Duties and Responsibilities: Lead the implementation of Information and Cyber Security Framework and SOC2 Type2 compliance Conduct risk assessments to identify and prioritize information security risks and prepare gap analysis report Develop and implement security controls to mitigate identified risks Plan and execute internal audits Conduct vendor assessment audits Manage and support in internal / external audit for the certification process for information and Cybersecurity and SOC2 Type2 compliance Perform risk assessments, compliance monitoring, policy development, and incident response Monitor and maintain the cybersecurity compliance to ensure that it is effective and compliant Investigate and respond to information security incidents and plan mitigation actions Qualifications and Requirements: Bachelor's degree in computer science, information security, or a related field 2 - 4 years of experience in information security, with a focus on ISO 27001 and SOC2 Type2 Certified ISO 27001 Lead Implementer and/or Lead Auditor Experience in Information Security and SOC2 Type2 audits Strong understanding of information security best practices and standards Excellent communication and interpersonal skills Ability to work independently and as part of a team
Posted 2 months ago
5 - 10 years
15 - 20 Lacs
Mumbai Suburbs, Mumbai, Mumbai (All Areas)
Work from Office
Looking for a candidate with 5-8 years of experience in IT audit, risk management & compliance within banking/NBFCs. Must have expertise in COBIT, NIST, RBI guidelines, ISO standards, & strong skills in IT systems, risk assessments & control evaluations
Posted 3 months ago
4 - 9 years
10 - 12 Lacs
Chennai
Remote
Information Security and QA process compliance Experience: 5 to 8 Years Hiring office: Chennai (Remote) Job Description The Information Security compliance function is responsible for evaluating security and compliance risks within the organization. They set up security benchmarks, verify adherence to international standards and frameworks and promote a culture of information security throughout the company. Candidates who have taken a break from career can also apply. Candidates who demonstrate strong intention and capability to learn this domain and have worked in Quality and Process development roles can apply. Excellent communication skills and documentation skills are very important. Key Responsibilities: Proficiency in Information Security domains, such as policies and procedures, risk management, compliance, and incident response; familiarity with security frameworks (ISO 27001, NIST, CIS, etc.). Creation and periodic revision of company policies and procedures to align with different compliance standards. Conduct regular security assessments and audits to ensure compliance with industry regulations and best practices. Ensure the organization follows best practices in cloud security, application security, and endpoint protection. Identify vulnerabilities and provide actionable recommendations to enhance security measures. Prepare audit reports detailing gaps, risks, and areas for improvement. Participate in compliance training sessions to educate employees on new policies and procedures. Collaborate with cross-functional teams to address security issues and improve overall security posture. Review and validate release documentation (e.g., release notes, rollback plans) for completeness and accuracy against defined acceptance criteria. Monitor and validate change management processes to guarantee compliance with SOC2, HITRUST, and industry-specific regulations. Identify gaps in the release management process and recommend corrective actions. 
Ensuring deployment approvals are properly documented. Work closely with Development, QA, NOC and Security teams to align release processes with compliance requirements. Communicate release compliance issues and risks to stakeholders. Track and Report on compliance metrics to senior management. Required Qualifications: Minimum 5+ years of experience and Strong knowledge of information security and cybersecurity, including network security and infrastructure assessments. Good knowledge of security frameworks, standards, and best practices (SOC2, ISO 27001, NIST and HITRUST). Proficiency in using security tools and technologies for auditing and vulnerability assessment. Certified ISO 27001 Lead Auditor Ability to work independently and manage multiple tasks effectively.
Posted 3 months ago
7 - 10 years
9 - 12 Lacs
Mumbai
Work from Office
Supply Chain Risk Management - AM - BLR/GGN/ Pune - J48773 Key Responsibilities: Act as a trusted advisor to stakeholders, supporting the provision of accurate, appropriate, timely assurance information regarding the KPMG supply chain across capabilities and firmwide. Support the identification of emerging trends and issues with the KPMG supply chain to shape and inform the KPMG risk posture. Tactically deliver allocated activity from the annual service roadmap to defined standards and service levels. Support the delivery of the annualised audit schedule, with a strong understanding of a risk based approach. Be proactive in identification of continuous improvements to foster positive change within the Information Assurance team, seeking innovative solutions to enhance practices. Deliver the 2nd LoD Supply Chain audit activity to monitor supply chain compliance against regulatory, client, global and local policy & standard requirements, including ISO27001. Support the ongoing need to ensure that all supplier contracts include standardised Information Security and Data Privacy statements. Provide support to report on Supply Chain Assurance metrics, providing insights into compliance and risk, highlighting areas for improvement. Log all findings in the GRC tooling, track, review and monitor remediation results and associated evidence, supporting sign off where appropriate. Work with finding owners to ensure remediation actions plans are defined and delivered in a timely manner. Support the analysis and thematic reviews and consolidation of findings and to recommend risk treatment plans to reduce risk for the firm. Ensure audit work is documented in accordance with business standard and fully supports conclusions and overall opinion through 1st / 2nd level reviews Ensure that all work is delivered to a high standard Conduct other Information Security & Privacy audit activity on behalf of KPMG (i.e. SOC2) where appropriate. 
Skills and experience required: Strong stakeholder management skills, the ability to collaborate and develop relationships internally and externally Experience advising on supply chain matters, with appropriate background in developing and implementing supply chain risk and assurance frameworks Excellent ability to conduct audits in an effective and efficient manner Working knowledge of ISO27001, Cyber Essentials/ Cyber Essentials Plus, NIST Cybersecurity Framework, CIS, SOC2, Data Protection (UK GDPR, DPA, PECR) and experience of operational implementation An understanding of ancillary frameworks (EU AI Act, UK AI Frameworks) Experience of developing processes to deliver service improvements Excellent analytical and reporting skills, using presentation tools to present complex information with exceptional attention to detail Excellent communication skills, both written and verbal Well organised and able to maintain a high workload efficiently at a consistently high standard Strong knowledge of information security controls Experience of working with GRC tools (ServiceNow) and supplier management tools (Coupa, Bitsight). Understanding of a 3 lines of defence model (risk & assurance) Be highly motivated and able to work on own initiative, ability to seek support when required. Additional Requirements: Significant experience in information security and supply chain risk and assurance. Certifications in information security, such as CISM, CISMP, CISSP. Auditor qualifications, CISA, ISO27001 Lead Auditor, GIAC or equivalent. ITIL foundation certificate or above desirable Required Candidate profile Candidate Experience Should Be : 7 To 10 Candidate Degree Should Be : BE-Comp/IT,BE-Other,BTech-Comp/IT,BTech-Other,MBA,MCA
Posted 3 months ago
2 - 3 years
4 - 6 Lacs
Bengaluru
Work from Office
The use of third parties is an essential element in AECOM's service delivery model and creates the need for management oversight and continuous monitoring of their security capabilities and performance. AECOM works with many third parties (e.g., vendors, partners, suppliers) each of which poses security, compliance and operational risks. AECOM is recruiting Third Party and Client Security Analysts to support the centralized Third Party and Client Risk Management Function. In this role, the analyst is expected to support the framework, operating model and supervise processes to ensure: (1) third parties are compliant with AECOM's security standards and (2) that AECOM provides the same type of assurance to our clients that its security program is compliant with regulatory requirements, standards and client expectations. Responsibilities & Duties Evaluate requests for third party engagements Conduct initial and periodic third-party risk assessments Collaborate with business requestors, procurement, legal and other teams to ensure questionnaires are completed timely Collaborate with security/IT team members to ensure a full understanding of security controls, technology and architecture Review responses to security questionnaires, SOC 1 and SOC 2 assessment reports received from third parties to identify potential risk to AECOM Identify gaps/issues based on third party and/or client standards relative to security postures Devise remediation plans and monitor to ensure adherence by third parties and AECOM security/IT Manage, enhance and implement the framework, policies, procedures and program governance to ensure alignment of TPRM with industry best practices and regulatory requirements (NIST, ISO27001, FedRAMP, etc.) 
Develop tactical and strategic plans to evolve the third-party risk management program to ensure compliance with new regulations and alignment with industry best practices Triage/complete requests from AECOM clients regarding AECOM's control environment Manage AECOM's response to existing and potential business partners'/clients'/third parties' security due diligence (questionnaires, site visits, etc.) Assistance with RFI/RFP processes and responses to client inquiries, ensuring comprehensive risk management throughout the process Review third party and client contracts to validate appropriate security requirements and commitments Qualifications Bachelor's degree in Information Technology, Information Security, Risk Management or a related field 2-3 years of career experience related to information security, IT, audit, third party and/or risk Strong understanding of risk management principles and security frameworks (e.g., NIST, ISO 27001, SOC2, PCI-DSS) Extensive experience in evaluating vendor security and compliance in relation to regulatory and industry standards. Familiarity with industry GRC tools such as UpGuard, Audit Board, ServiceNow etc. is a plus/desirable Strong prioritization and organizational skills Ability to develop, document and maintain procedures Strong verbal communication with the ability to advise management regarding third party and client risk management Ability to work independently and collaborate with cross-functional teams Additional Information Ability to effectively communicate and collaborate within a specific group of internal and external customers. (Communication) Ability to maintain good customer relationship with the ability to proactively support customer needs and requirements. (Customer Service) Ability to be thorough and meticulous in completing assigned tasks and identifying errors, duplicates & discrepancies through defined methods. (Attention to Detail) Ability to identify, assess and resolve simple to moderate issues by following defined policies and procedures. (Problem Solving)
Posted 3 months ago