45 Soc2 Jobs - Page 2

What You'll Do Were hiring a Site Reliability Engineer to help build and maintain the backbone of Avalaras SaaS platforms. As part of our global Reliability Engineering team, youll play a key role in ensuring the performance, availability, and observability of critical systems used by millions of users. This role combines hands-on infrastructure expertise with modern SRE practices and the opportunity to contribute to the evolution of AI-powered operations. Youll work closely with engineering and operations teams across regions to drive automation, improve incident response, and proactively detect issues using data and machine learning. What Your Responsibilities Will Be Own the reliability and performance of production systems across multiple environments and multiple clouds (AWS, GCP, OCI). Use AI/ML-driven tools and automation to improve observability and incident response. Collaborate with development teams on CI/CD pipelines, infrastructure deployments, and secure practices. Perform root cause analysis, drive postmortems, and reduce recurring incidents. Contribute to compliance and security initiatives (SOX, SOC2, ISO 27001, access and controls). Participate in a global on-call rotation and knowledge-sharing culture. What You'll Need to be Successful 5+ years in SRE, DevOps, or infrastructure engineering roles. Expertise with AWS (GCP or OCI is a plus), AWS Certified Solutions Architect Associate or equivalent Strong scripting/programming skills (Python, Go, Bash, or similar) Experience with infrastructure as code (Terraform, CloudFormation, Pulumi). Proficiency in Linux environments, containers (Docker/Kubernetes), and CI/CD workflows. Strong written and verbal communications skills to support world wide collaboration.

Position - Test Engineer - Security Testing (IPv6, MPLS, IP protocol, and telecom lab setup/testing on routers/switches), EMC, Telecom, Radio, Safety protocols testing Your Impact We are seeking a Compliance Engineer - Cybersecurity focus. As a technical specialist, you will collaborate with business units, local sales, and cross-functional teams to ensure Cisco products meet compliance requirements and achieve necessary regulatory approvals. Maintain up-to-date internal documentation and compliance databases, and manage all documentation related to product testing and certification. Provide support for lab tests and resolve compliance-related issues, while staying informed about security requirements and regulations in various countries, and communicate updates to internal teams. Potentially support cybersecurity certificate documentation for other APJC countries, and contribute to technology compliance activities under the guidance of the compliance leader. Conduct information security assessments covering domains such as product security, network, and application security. Address inquiries related to Cisco products, regulations, and compliance, leveraging experience with Cisco products, lab setups, and instruments to troubleshoot and manage lab tests, particularly focusing on telecom and security, ensuring products pass tests and secure regulatory approvals. Minimum Qualifications: Bachelor's or Master's degree in Electrical Engineering or Computer Science with skills in computer programming and cybersecurity protocols. Minimum of 6 years of related cybersecurity compliance experience. Knowledge of compliance frameworks such as SOC2, ISO27001, and Common Criteria. Experience with Cisco technology and equipment; CCNA/CCNP/CCIE preferred. Familiarity with common IT systems, IPv6, MPLS, IP protocol, and telecom lab setup/testing on routers/switches. Preferred Qualifications: Strong interpersonal, verbal, and written communication skills. Team player with strong organizational and planning skills. Ability to connect and communicate with both business and IT technical staff. Ability to multi-task, focus, and tackle problems analytically. Project management skills.

Job Requirements Design and execute the day-to-day activities of Information Technology (IT) audit engagements, with a focus on strategic, operational and regulatory/compliance related risks Plan activities related to development of audit program, and execution of internal audits and IT control assessments in the following areas: cybersecurity, IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cloud and third party risk, programs and projects, automation, General Information Technology Controls (GITCs) and application controls, and regulatory/compliance requirements Review clients' processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client management Contribute to IT Audit knowledge base and internal practice development initiatives Supervise and provide performance management for IT audit staff working on assigned engagements Write and present clear and concise reports and presentations containing meaningful observations and recommendations to clients, and document procedures performed and conclusions reached related to projects Support proposal and business development activities by assisting in the identification of new target clients, building business relationships with key executives, and developing/presenting proposals Provide oversight and leadership to team members regarding deliverables, project plans, and performance management while contributing to industry and regulatory publications, writing professional and thought leadership articles, and speaking at related conferences and seminars Mandatory technical & functional skills Bachelor's degree in an appropriate field from an accredited college/university; Master's degree from an accredited college/university is preferred Prior knowledge leading and executing risk-based IT-related internal audits and/or risk and control assessments, leveraging IT governance and control frameworks such as COBIT, NIST CSF, NIST 800-53, and ITIL and proficiency in core requirements and methodologies for SOX internal control programs Experience with IT Risk Management and three lines of defense frameworks CISA, PMP, CISSP or CRISC certification is preferred Key behavioral attributes/requirements Ability to work well independently as well as part of a team Driven and enthusiastic with a can-do attitude and a strong sense of ownership to get the job done in a pragmatic fashion

Your role and responsibilities Lead the design, development, and deployment of scalable, secure backend systems using Java, J2EE, and GoLang. Architect and implement robust RESTful APIs and microservices aligned with enterprise cloud-native standards. Collaborate closely with DevOps, QA, and frontend teams to deliver end-to-end product functionality. Set coding standards, influence architectural direction, and drive adoption of best practices across backend systems. Own performance tuning, monitoring, and high availability for backend services using tools like Prometheus, ELK, and Grafana. Implement security, compliance, and privacy by design principles in backend systems. Lead incident response and resolution of complex production issues across multi-cloud environments (e.g., AWS, Azure, OCP). Mentor and guide junior developers and contribute to team-wide knowledge sharing and skill development. Actively participate in Agile ceremonies and contribute to continuous delivery and process improvement. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 11+ years of backend software development experience focused on scalable, secure, cloud-native enterprise systems. Deep expertise in Java, J2EE, and GoLang for building distributed backend systems. Advanced experience in architecting and implementing RESTful APIs, service meshes, and inter-service communication. Expert in Postgres or equivalent RDBMS data modeling, indexing, and performance optimization at scale. Proven track record with microservices architecture, including Docker, Kubernetes, and service deployment patterns. Expert-level familiarity with backend-focused CI/CD tooling (Jenkins, GitLab CI/CD, ArgoCD) and IaC tools (Terraform, CloudFormation). Strong knowledge of monitoring/logging tools such as Prometheus, Grafana, ELK, and Splunk, focusing on backend telemetry and observability. Experience deploying applications on cloud platforms: AWS (EKS, ECS, Lambda, CloudFormation), Azure, or GCP. Familiarity with DevSecOps, secure coding practices, and compliance-aware architecture for regulated environments. Proficient in integration, load, and unit testing using JMeter, RestAssured, JUnit, etc. Leadership in backend architecture, performance tuning, platform modernization, and mentoring of technical teams. Effective cross-functional collaboration skills in multi-team, multi-region environments. Preferred technical and professional experience Deep understanding of backend architecture patterns including microservices, event-driven architecture, and domain-driven design. Experience implementing security and privacy by design principles in cloud-native backend systems. Hands-on expertise with cryptographic protocols and standards such as TLS, FIPS, and experience integrating with Java security frameworks (e.g., JCE, Spring Security). Strong grasp of secure coding practices, with experience identifying and mitigating OWASP Top 10 vulnerabilities. Exposure to designing and developing shared platform services or backend frameworks reused across products or tenants (e.g., in multi-tenant SaaS environments). Familiarity with API security patterns, including OAuth2, JWT, API gateways (e.g., Kong, Apigee). Prior experience working on compliance-oriented systems (e.g., SOC2, HIPAA, FedRAMP) or architecting for high-assurance environments. Proficiency with Shell scripting, Python, or Node.js for infrastructure automation or backend utilities.

Lead and support IT compliance audits and assessments aligned with ISO 27001 and SOC 2 standards.Understanding of regulatory compliance standards, such as GDPR, HIPAA,PCI-DSS,or ISO27001.Understanding of cloud platforms (AWS, Azure, or Google Cloud)

Looking for a candidate with 5+ years of experience in IT Audit, Risk Management, and Compliance within Banking/NBFCs. Must have expertise in COBIT, NIST, RBI guidelines, ISO standards, IT systems and risk assessments. CISA certification is must.

Lead GRC , risk assessment, and implementation. Strong in ISO 27001, PCI, PSS, SOC 2, IRDAI. Ensure compliance, audits, awareness. Design InfoSec strategies aligned with ISO, NIST, RBI, SEBI to enhance cybersecurity and meet regulations.

Responsibilities: Design and implement secure frameworks and features (e.g., Passkeys). Collaborate with Security & Engineering to drive roadmap execution. Lead architecture decisions and participate in security-focused code reviews. Break down complex problems into agile deliverables. Mentor junior engineers and champion security best practices. Ensure secure, scalable solutions for internal tools and customer-facing products. Requirements: 5+ years in software engineering with leadership responsibilities. Proficient in Java (Spring), JavaScript/TypeScript, React, and CI/CD pipelines. Experience with Docker, Kubernetes, AWS, and IaC tools (Terraform, Ansible, etc.). Knowledge of authentication (SAML, JWT, OIDC), authorization, cryptography, and app security. Familiarity with security compliance (PCI DSS, SOC2, HIPAA, FedRAMP) is a plus. Strong communication and cross-functional collaboration skills.

Job Description: IT GRC Analyst I Department: Information Technology Reports To: Senior IT GRC Analyst Location: 100% Remote Experience: 10+ Years Job Summary: We are seeking a dedicated IT GRC (Governance, Risk, and Compliance) Analyst I to join our dynamic IT team. The primary responsibility of this entry-level role is to assist in ensuring that IT operations are in compliance with regulatory requirements and internal policies, with a particular emphasis on supporting Sarbanes-Oxley (SOX) audits. The IT GRC Analyst I will support risk assessments, policy development, compliance monitoring activities, and SOX audit preparations. Key Responsibilities:* Assist in the development, implementation, and maintenance of IT policies and procedures. Conduct regular risk assessments and audits to ensure compliance with regulatory standards and internal policies, with a focus on SOX controls. Support the IT team in identifying, evaluating, and mitigating IT risks. Monitor compliance with security policies and procedures to ensure a secure environment. Collaborate with different departments to ensure integrated risk management practices. Assist in preparing and executing SOX IT control reviews, documenting compliance efforts, and maintaining records of SOX controls. Provide support in responding to internal and external SOX audits and regulatory assessments. Recommend improvements to SOX controls and processes to enhance the overall security posture. Maintain up-to-date documentation of IT GRC activities, compliance reports, and SOX audit evidence. Qualifications: Bachelor's degree in Information Technology, Computer Science, or a related field. Basic understanding of IT GRC principles, regulatory requirements, risk management frameworks, and SOX compliance. Strong analytical and problem-solving skills. Excellent written and verbal communication skills. Ability to work collaboratively in a team environment. Basic knowledge of security standards (e.g., ISO 27001, NIST, GDPR, HIPAA) and SOX compliance requirements is a plus. Relevant certifications (e.g., CISA, CRISC, CISSP) are desirable but not required for entry-level applicants. Experience: Entry level; 0-2 years of experience in IT risk management, compliance, or a related field, preferably with exposure to SOX compliance activities.

Introduction About IBM IBM is a global technology and innovation company. It is the most extensive technology and consulting employer globally, with a presence in 170 countries. The diversity and breadth of the entire IBM portfolio of research, consulting, solutions, services, systems and software, distinguishes IBM from other companies in the Industry. Over the past 100 years, a lot has changed at IBM in this new era of Cognitive Business, IBM is helping to reshape industries as diverse as healthcare, retail, banking, travel, manufacturing, and many more, by bringing together our expertise in Cloud, Analytics, Security, Mobile, and the Internet of Things. We like to say, be essential. We are changing how we craft, how we collaborate, how we analyze, how we engage. Join the next generation of innovators, inventors, and entrepreneurs who are crafting the very way the world works. We want the brightest minds doing work that encourages an environment where growth is supported. IBMers get to discover their potential, so theyre inspired to build breakthroughs that help our clients succeed. Were building teams with dynamic strengths with people who want their ideas to matter. Join us - youll be proud to call yourself an IBMer. Our Culture : IBM is committed to crafting a diverse environment and is proud to be an equal opportunity employer. You will receive consideration for employment without regard to your race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Your role and responsibilities Minimum of 12 years of relevant compliance experience and cybersecurity knowledge 10+ years of security compliance audit experience would be important Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk Required education Bachelors Degree Preferred education Doctorate Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge 10+ years of security compliance audit experience would be important Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

Role & responsibilities General description of the role: Minimum 8 years of experience in managing security audits, such as, ISO 27001, HIPAA, SOC 1, SOC2, PCIDSS Including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO, or HIPAA, PCIDSS audits, reviewing control evidence for completeness an accuracy, and ensuring evidence provided to auditors satisfies control requirements. Ability to of plan and lead meetings with control owners and external auditors. Ability to clearly define control requirements to control owners or explaining control evidence to external auditors. Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function. Assist in testing and verification of all controls and formulating reports documenting findings. Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures. Work closely with internal business teams to assist in the identification and assessment of potential security risks, and establish risk owners, ratings, and management action plans. Ensure continuity of compliance with ISO27001 and ISO 22301, PCI DSS, HIPAA, GDPR Analyse potential impact of new threats and communicates risks to relevant business units Manage security operations, analyse security exceptions, gather necessary background information, document exceptions and ensure that the risk is recognized and managed with compensating controls Provide orientation to Business Units on Risk Assessment, Business Continuity Plan and Business Impact Analysis Facilitate in preparation of Business continuity plan for each project and functions Conduct internal ISMS and BCMS audits and identify potential gaps in the system Prepare detailed and summary reports of assessments, remediation plans as needed and advise internal stakeholders Report the audit findings on the potential weakness in the system and areas of improvement Preferred candidate profile Top 5 Skill Set Hands-on experience with security technologies Experience in Information security and business continuity internal audits Strong Knowledge in risk management, ISO 27001, ISO 22301 PCI DSS, HIPAA, GDPR, SOC 2 Knowledgeable in security concepts, techniques, tools, methods, and practices Good technical in cyber security products Individually to perform the technical audits

Looking for a candidate with 5–8 years of experience in IT Audit, Risk Management, and Compliance within Banking/NBFCs. Must have expertise in COBIT, NIST, RBI guidelines, ISO standards, IT systems and risk assessments. CISA certification is must.

The candidate will have a background in compliance frameworks such as SOC 2, GDPR, HIPAA, and GRC .You will play a role in conducting assessments, managing compliance programs, and ensuring our organization industry regulations and standards.

Overview The Cybersecurity Governance, Risk, Compliance (GRC) Senior Analyst position is responsible for managing risks related to information security, privacy, governance, vendor security assurance, policy, and compliance. Contributes to preserving the high standards of confidentiality, integrity, and availability of EagleView mission-critical information. Conducts Cybersecurity risk assessments, evaluates controls, and provides feedback to management and process owners on the design and effectiveness of control processes. Implements and maintains on-going programs and processes to test the design and operational effectiveness of security controls. Responsible for ensuring IT assurance and compliance related activities are completed in accordance with industry standards and regulatory requirements. The position reports to the Manager, GRC, and is responsible for executing the key functions of information risk management, security compliance, governance, and information security assurance. Primary Responsibilities In these roles, you are part analyst, engineer, and advisor. You have the ability to ramp up quickly into a solid, productive member of the Security GRC team. You are organized and have the ability to innovate and automate as we continually look to improve our processes and tools. You may own process areas, projects, or technologies for governance, risk and compliance purposes. You create and maintain relationships with business and technical experts through the company who provide expertise in security requirements and solution management. You are expected to work independently while still asking for help on some areas. You are a bridge builder helping to coordinate and bring together various parts of the organization around a common process through the use of tools, and communications channels. Ensure compliance with laws, regulations, and industry standards, and compliance programs (e.g. SOC2, PCI, ISO 27001, NIST 800-X) Create processes to support effective risk identification, evaluation, communication, and remediation Participate in Risk Management Committee meetings Work with risk owners to develop plans of action to reduce or mitigate risks Analyzes security controls for effectiveness of design by evaluation of control documentation and process Analyzes security controls for operational effectiveness by evaluation of control evidence Contribute to corporate information risk management strategy, policies, standards, and tactical plans Contributes to a comprehensive internal security audit program that validates existing security controls Contribute to the company-wide security awareness program and compliance training Coordinate annual enterprise risk assessment and PCI-self assessment activities Ensure all systems, processes, and changes are formally documented Works closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure security compliance Maintains the Risk Register and support processes to define and measure risks, then plan risk responses with company leadership Ability to work collaboratively with internal and external departments, vendors, and other key stakeholders Skills/Requirements Required Knowledge, Skills and Experience: Bachelor's degree in a technology or business-related field (BSc or BBA preferred) 8 years overall experience in Information Security, Risk Management, or IT audit 5 years of hands-on experience supporting one or more of the following programs: Risk Management Vendor Risk Management Security Audits and Compliance (especially SOC2) Vulnerability Management Understanding of controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls Working knowledge of business and risk assessment methodologies/mitigation strategies using industry standards (e.g., COBIT, ITIL, ISO 27001:2013, NIST, OWASP, etc.) Very high attention to detail, with strong skills in managing/presenting data and information Very strong skills in documentation, including policies, standards, processes and procedures Ability to work independently and productively without constant supervision Critical thinking and analytical ability Excellent verbal and written communication skills Preferred Knowledge, Skills and Experience: Certification such as SANS GIAC, CISA, or CISSP preferred Previous experience in a software development company is preferred Experience using a GRC management platform (e.g. Archer, ZenGRC, etc.)

Manage IT audits (SOX, ITGC), ensure quality delivery, review testing docs, identify process gaps, prepare reports, handle clients, guide juniors, support proposals, and improve engagement productivity.. Required Candidate profile Looking for 3–5 yrs exp in IT audits (SOX, ITGC), risk assessment, SOC1/2, with strong MS Office skills, good communication, and CISA/BE/B.Tech/MBA/MCA background. Big 4 experience preferred.

Hi, Greeting for the Day!!! We found your profile suitable for the below opening, kindly go through the JD and reach out to us if you are interested. About Us Incorporated in 2006, We are an 18 year old recruitment and staffing company, we are a provider of manpower for some of the fortune 500 companies for junior/ Middle/ Executive talent. About Client Hiring for One of the Most Prestigious Multinational Corporations! Job Description Job Title : ITGC Trainer/Manger Qualification : Any Graduate or Above Relevant Experience : 10-15yrs Essential Duties and Responsibilities : Serve as an IT General Controls (ITGC), IT Application Controls (ITAC), Interfaces and Key Reports trainer, providing high-quality training sessions to users. Must have experience in conducting IT Audits and fundamentals training covering Domains such as Access Management, Change Management, SDLC, IT Operations, Interfaces, and Application Controls (Configurable, Non-configurable), Interfaces, IPEs, Data Migration and Platform. Must have experience in conducting Advanced Technology based IT Audit trainings (SAP, Oracle, Cloud and Dev-Ops). Must have experience in SOC1/ SOC2. Must have hands on experience working on at least ITGC, ITAC, IPE and experience in the following modules will be an added advantage: IT Service Management, IT Asset Management, Physical Security. Design, create, edit, and publish engaging learning content in various formats. Develop and maintain knowledge content within the team for easy consumption by end users. Ensure training aligns with the best practices in the industry and PCAOB guidelines. Ability to create visually appealing slides with clear, concise, and relevant information, using appropriate graphics and animations. Use interactive elements such as Q&A, polls, or discussions to maintain audience interest and participation. Location : Kolkata/Bangalore/Hyderabad CTC Range : 25 to 35LPA (Lakhs Per Annum) Notice period : Immediate/serving Notice period/60 days Mode of Interview : VIRTUAL Mode of Work : Hybrid Prerna IT Staffing Analyst Black and White Business solutions PVT Ltd Bangalore, Karnataka, INDIA 8067432409 I prerna@blackwhite.in I www.blackwhite.in

GRC professional with good understanding of industry frameworks and standards 2. In-depth experience on Third-Party Risk Management a. Evaluating third party's cybersecurity control and ensuring they are in compliance with organizations standards and industry best practices b. Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis c. Articulate risks and potential options for remediation or compensating controls d. Understand inherent risk assessment e. Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility 3. Strong business and communication skills 4. Experience in driving meetings with stakeholders 5. Provide advisory and consulting to client on new trends and challenges in enterprise risk management area 6. Experience in design and development of information security policies, standards, and guidelines 7. Experience on SIG (shared assessments), ISO 27001, NIST framework, SOC 1, SOC2, ISO 27001 and HIPAA 8. Lead and drive meeting with top management 9. Design / modify Contract security language / security clauses 10. Co-ordinate and negotiate security clauses with Procurement team and Supplier 11. Experience on GRC platforms 12. Client interface for understanding the IT Governance, IT Risk & Compliance Management Controls as applicable to Infrastructure operations 13. Well versed and hands-on experience for establishing processes, controls and audits of compliances like HIPAA, CFR, PCI DSS & SOX ITGCs. 14. Documentation of as-is IT & Risk management Controls as they are currently being executed in client environment and ensuring that the same controls are followed and implemented in service delivery operations 15. Work with the client & technical teams for change request on any risk or control implementation as well as governance process 16. Participate in internal as well as external regulatory as well as IT security audits. Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security

Qualification and Minimum Entry Requirements B.Tech (IT/CSE) with 8+ Years of relevant experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls and ERP Audits. Candidate should have intermediate knowledge of financials, operations and technology and its related risks Candidate should have good knowledge for SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security and risk management frameworks/ standards (ISO 27001, NIST, COBIT, ITIL, PCI.) Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP) Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word and PowerPoint MS Visio skills to develop process and data flow diagrams Strong multi-tasking and project management skills Excellent verbal and written communication (English) as this a client facing role and it requires frequent communications with RSM International clients. Position and Key Responsibilities As a Manager in RSMs growing Technology Risk Consulting, you will have the opportunity to develop into a seasoned consultant through a high degree of client and industry exposure, career development and mentorship opportunities, and a diverse and inclusive culture. The fast-paced and dynamic environment in which we operate will provide you with daily challenges and exciting opportunities. In the Technology Risk Consulting Practice, our consultants help our clients with design and optimization of controls utilizing a general knowledge of business processes, accounting, and information technologies by identifying and prioritizing risk and transform their technology risk management and assurance capabilities to be aligned to the key risks and strategies of their organization. Develop an understanding of the RSM Technology Risk Consulting approach, methodology and tools Develop an understanding of the Industry leading frameworks and methodologies for Sarbanes-Oxley, COBIT, NIST and ITIL Demonstrate understanding of business processes, internal control risk management, IT controls, and related regulatory and compliance standards Perform technology risk assessments and reviewing, documenting, evaluating control’s design and operating effectiveness, IT internal audit consulting activities (internal audits over ERP systems, IT security, and other IT systems), perform external audit assurance activities, and perform service organization control services activities related to SSAE18 SOC 1 and SOC 2 reporting services Performing risk analysis by reviewing the information security policy documents against industry standards/ regulatory requirements and drafting risk reports, which summarize the information security assessment including any risks to the organization Perform first level review of associates work for accuracy, completeness, and well-reasoned conclusions Review and complete status documents for client delivery Execute components of IT audits under offshore delivery model in an effective and efficient manner Use problem solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw the appropriate conclusions to best advise our clients Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, supervisors, and senior management in the U.S. on a daily basis Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients Provide timely, high quality client service that meets or exceeds client expectations including coordinating the development and execution of the consulting work plan and client deliverables Understand RSM US and RSM Delivery Center's LOB’s and work as a team in providing an integrated service delivery Ensure professional development through ongoing education

As a part of RSMs growing Technology Risk Consulting, you will have the opportunity to develop into a seasoned consultant through a high degree of client and industry exposure, career development and mentorship opportunities, and a diverse and inclusive culture. The fast-paced and dynamic environment in which we operate will provide you with daily challenges and exciting opportunities. In the Technology Risk Consulting Practice, our consultants help our clients with design and optimization of controls utilizing a general knowledge of business processes, accounting, and information technologies by identifying and prioritizing risk and transform their technology risk management and assurance capabilities to be aligned to the key risks and strategies of their organization.Qualification and Minimum Entry Requirements Job Description B.Tech(CSE/IT)/MCA/MBA/CA with 0-5 Years of relevant experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls and ERP Audits. Candidate should have intermediate knowledge of financials, operations and technology and its related risks Candidate should have good knowledge for SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security and risk management frameworks/ standards (ISO 27001, NIST, COBIT, ITIL, PCI.) Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP) Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word and PowerPoint MS Visio skills to develop process and data flow diagrams Strong multi-tasking and project management skills Excellent verbal and written communication (English) as this a client facing role and it requires frequent communications with RSM International clients. Position and Key Responsibilities Develop an understanding of the RSM Technology Risk Consulting approach, methodology and tools Develop an understanding of the Industry leading frameworks and methodologies for Sarbanes-Oxley, COBIT, NIST and ITIL Demonstrate understanding of business processes, internal control risk management, IT controls, and related regulatory and compliance standards Perform technology risk assessments and reviewing, documenting, evaluating controls design and operating effectiveness, IT internal audit consulting activities (internal audits over ERP systems, IT security, and other IT systems), perform external audit assurance activities, and perform service organization control services activities related to SSAE18 SOC 1 and SOC 2 reporting services Performing risk analysis by reviewing the information security policy documents against industry standards/ regulatory requirements and drafting risk reports, which summarize the information security assessment including any risks to the organization Perform first level review of associates work for accuracy, completeness, and well-reasoned conclusions Review and complete status documents for client delivery Execute components of IT audits under offshore delivery model in an effective and efficient manner Use problem solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw the appropriate conclusions to best advise our clients Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, supervisors, and senior management in the U.S. on a daily basis Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients Provide timely, high quality client service that meets or exceeds client expectations including coordinating the development and execution of the consulting work plan and client deliverables Understand RSM US and RSM Delivery Center's LOB’s and work as a team in providing an integrated service delivery Ensure professional development through ongoing education Preferred candidate profile

Job Requirements Design and execute the day-to-day activities of Information Technology (IT) audit engagements, with a focus on strategic, operational and regulatory/compliance related risks Plan activities related to development of audit program, and execution of internal audits and IT control assessments in the following areas: cybersecurity, IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cloud and third party risk, programs and projects, automation, General Information Technology Controls (GITCs) and application controls, and regulatory/compliance requirements Review clients' processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client management Contribute to IT Audit knowledge base and internal practice development initiatives Supervise and provide performance management for IT audit staff working on assigned engagements Write and present clear and concise reports and presentations containing meaningful observations and recommendations to clients, and document procedures performed and conclusions reached related to projects Support proposal and business development activities by assisting in the identification of new target clients, building business relationships with key executives, and developing/presenting proposals Provide oversight and leadership to team members regarding deliverables, project plans, and performance management while contributing to industry and regulatory publications, writing professional and thought leadership articles, and speaking at related conferences and seminars Mandatory technical & functional skills Bachelor's degree in an appropriate field from an accredited college/university; Master's degree from an accredited college/university is preferred Prior knowledge leading and executing risk-based IT-related internal audits and/or risk and control assessments, leveraging IT governance and control frameworks such as COBIT, NIST CSF, NIST 800-53, and ITIL and proficiency in core requirements and methodologies for SOX internal control programs Experience with IT Risk Management and three lines of defense frameworks CISA, PMP, CISSP or CRISC certification is preferred Key behavioral attributes/requirements Ability to work well independently as well as part of a team Driven and enthusiastic with a can-do attitude and a strong sense of ownership to get the job done in a pragmatic fashion