158 Technology Risk Jobs - Page 7

Second line of defense (2LoD) team helps enhance audit quality by providing direct real time support and coaching to engagement teams before the audit opinions are signed, with the goal of helping the team deliver an audit in accordance with relevant professional standards Function: Second line of defense (2LoD) Location: Mumbai/Gurgaon/Noida/ Bangalore / Chennai / Kochi / Kolkata / Ahmedabad / Pune / Hyderabad Experience: At least 6+ Years of relevant experience Technical Skills Functional Knowledge: Significant Know How of various domains under Governance Management of Enterprise IT, Financial Statements - IT Audit Process Integrated Audits, Leading IT Risk Management Frameworks Standards (such as COBIT, COSO, ITIL, ISO 27001, NIST etc.) Core Technical Skills: Hands on experience (At least 6+ years) in executing and delivering audits engagements of IT General Controls around Applications, Database, Operating Systems, Middleware, Networks, IT Application Controls, IT Attestation (SOC1SOC 2 etc.). Coach an engagement team from the beginning to the end of an engagement lifecycle (focusing on the 2LoD focus areas) along with providing relevant technical guidance , based on frequent areas of internal and external quality reviews, and/or emerging areas of guidance and best practice Managers would be reviewing multiple projects at any time on IT Audit. Manager shall report to a partner. They shall be responsible for ensuring project quality as well as adherence to the agreed project review plan. Additional Skills: Understanding of at Technology Risks Controls for at least one of Emerging Technology solutions such as Cloud, DevSecOps etc. The job would not require travel to client locations within India. Certifications such as CISA, CISSP, CIA, SAP/Oracle Security and related certifications in the areas of Emerging Technologies would be plus. Practice Initiatives Contribute to Learning Development Participate in practice initiatives and at times lead such initiatives such as knowledge management Review documentation relating to the 2LoD focus areas (and related planning documentation such as assessment of materiality, significant risks, significant accounts) that has been prepared and reviewed by the engagement team and provide suggestions for improvement. Review observations should be articulated as clearly as possible Coach an engagement team from the beginning to the end of an engagement lifecycle (focusing on the 2LoD focus areas) along with providing relevant technical guidance Challenge the team on their planned audit approach in the areas of focus Support the team in understanding how to apply the audit requirements and guidance Communicate the status of engagement/review to engagement partner and 2LOD leader on a weekly basis Perform your role in a timely manner being considerate of the engagement team pressures Collaborate with your 2LOD lead or Audit Quality Leadership on Audit Quality matters. Possesses extensive experience in IT Audit Prior experience in client facing / account management roles Possess strong domain knowledge, understanding of business processes and possible risks in operations of at least two industry sectors Consistent display of leadership skills Have experience in process consulting/ internal audit/ risk consulting at a project manager level role Strong analytical and problem solving skills. Strong written and verbal communication skills Ability to work well in teams Ability to work under pressure stringent deadlines and tough client conditions which may demand extended working hours Demonstrate integrity, values, principles, and work ethic and lead by example

Project Related Functional Knowledge: Significant Know How of various domains under Governance Management of Enterprise IT, Financial Statements - IT Audit Process Integrated Audits, Leading IT Risk Management Frameworks Standards ( such as COBIT, COSO, ITIL, ISO 27001, NIST etc.) Core Technical Skills: Hands on experience (At least 6-8 years) in executing and delivering audits/assurance engagements (At least in 2-3 areas) of IT General Controls around Applications, Database, Operating Systems, Middleware, Networks, IT Application Controls, IT Attestation (SOC1SOC 2 etc.), IT Regulatory Compliance, Third Party Risk Assurance etc. Additional Skills: Understanding of at Technology Risks Controls for at least one of Emerging Technology solutions such as Cloud, Social Media, Intelligent Automation, DevSecOps etc. Professionals would be leading at least 3-5 projects at any time on IT Audit Controls Assurance. They shall be having teams report to them at a project level. Professional have the responsibility of project execution and shall report to a director/partner on every project. They shall be responsible for ensuring project profitability, quality as well as adherence to the agreed project plan Will have End to End responsibility of managing the project lifecycle from Initiation till Closure and maintain requisite documentation at each stage. Professionals shall assist the Partner/Director in managing quality risks associated with the projects The job would require travel to client locations within India and abroad Certifications such as CISA, CISSP, CIA, SAP/Oracle Security and related certifications in the areas of Emerging Technologies would be plus. Thought Leadership Contribute to solution development Possess good business acumen. Remain current on new developments in advisory services capabilities and industry knowledge. Participate in practice initiatives and at times lead such initiatives such as knowledge management or thought leadership People Related During the course of your work, you will be expected to be a people leader for your department/location and to also manage a team in terms of staffing, appraisals etc. Coordinating in developing the practice (people / clients and skills) Plays role of a performance professional for junior staff. Is actively involved in training, coaching and mentoring of his/her team Business Development Professionals shall be significantly involved in business development lead generation till closure. They are expected to possess considerable client relationships which could lead to business opportunities. They may be assigned a market/geography/ solution/account or a set of clients for business development. They shall be responsible for generating an agreed amount of revenue for the year Proactively does sales oriented reporting during projects. These would include identifying possible business opportunities for various practices within KPMG Demonstrate in-depth technical capabilities and knowledge. Demonstrate ability to assimilate to new knowledge Provide high quality, day-to-day execution of client engagements, and projects for the financial services practice Develop engagement work programs, assist in conducting risk assessments, documentation of working papers and preparation of audit committee presentations Shall be responsible for client relationship management, team management along with ability to handle multiple client engagements Understand client needs and challenges and identify revenue opportunities for the firm Work on project teams focused on advisory projects and assist engagement management to successfully complete engagement objectives Understand firm service offerings and mentor associates, interns, and new hires. Possesses extensive experience in IT Audit, IT Risk Control Assurance space Prior experience in client facing / account management roles Exposure to business development in consulting (Pre-sales support, proposals, RFP responses) Possess strong domain knowledge, understanding of business processes and possible risks in operations of at least two industry sectors Consistent display of leadership skills Have experience in process consulting/ internal audit/ risk consulting at a project professional level role Strong analytical and problem solving skills. Strong written and verbal communication skills Ability to work well in teams Ability to work under pressure stringent deadlines and tough client conditions which may demand extended working hours Willingness to travel within India or abroad for continuous long periods of time Demonstrate integrity, values, principles, and work ethic and lead by example.

Project Related Functional Knowledge: Significant Know How of various domains under Governance Management of Enterprise IT, Financial Statements - IT Audit Process Integrated Audits, Leading IT Risk Management Frameworks Standards ( such as COBIT, COSO, ITIL, ISO 27001, NIST etc.) Core Technical Skills: Hands on experience (At least 6-8 years) in executing and delivering audits/assurance engagements (At least in 2-3 areas) of IT General Controls around Applications, Database, Operating Systems, Middleware, Networks, IT Application Controls, IT Attestation (SOC1SOC 2 etc.), IT Regulatory Compliance, Third Party Risk Assurance etc. Additional Skills: Understanding of at Technology Risks Controls for at least one of Emerging Technology solutions such as Cloud, Social Media, Intelligent Automation, DevSecOps etc. Professionals would be leading at least 3-5 projects at any time on IT Audit Controls Assurance. They shall be having teams report to them at a project level. Professional have the responsibility of project execution and shall report to a director/partner on every project. They shall be responsible for ensuring project profitability, quality as well as adherence to the agreed project plan Will have End to End responsibility of managing the project lifecycle from Initiation till Closure and maintain requisite documentation at each stage. Professionals shall assist the Partner/Director in managing quality risks associated with the projects The job would require travel to client locations within India and abroad Certifications such as CISA, CISSP, CIA, SAP/Oracle Security and related certifications in the areas of Emerging Technologies would be plus. Thought Leadership Contribute to solution development Possess good business acumen. Remain current on new developments in advisory services capabilities and industry knowledge. Participate in practice initiatives and at times lead such initiatives such as knowledge management or thought leadership People Related During the course of your work, you will be expected to be a people leader for your department/location and to also manage a team in terms of staffing, appraisals etc. Coordinating in developing the practice (people / clients and skills) Plays role of a performance professional for junior staff. Is actively involved in training, coaching and mentoring of his/her team Business Development Professionals shall be significantly involved in business development lead generation till closure. They are expected to possess considerable client relationships which could lead to business opportunities. They may be assigned a market/geography/ solution/account or a set of clients for business development. They shall be responsible for generating an agreed amount of revenue for the year Proactively does sales oriented reporting during projects. These would include identifying possible business opportunities for various practices within KPMG Demonstrate in-depth technical capabilities and knowledge. Demonstrate ability to assimilate to new knowledge Provide high quality, day-to-day execution of client engagements, and projects for the financial services practice Develop engagement work programs, assist in conducting risk assessments, documentation of working papers and preparation of audit committee presentations Shall be responsible for client relationship management, team management along with ability to handle multiple client engagements Understand client needs and challenges and identify revenue opportunities for the firm Work on project teams focused on advisory projects and assist engagement management to successfully complete engagement objectives Understand firm service offerings and mentor associates, interns, and new hires. Possesses extensive experience in IT Audit, IT Risk Control Assurance space Prior experience in client facing / account management roles Exposure to business development in consulting (Pre-sales support, proposals, RFP responses) Possess strong domain knowledge, understanding of business processes and possible risks in operations of at least two industry sectors Consistent display of leadership skills Have experience in process consulting/ internal audit/ risk consulting at a project professional level role Strong analytical and problem solving skills. Strong written and verbal communication skills Ability to work well in teams Ability to work under pressure stringent deadlines and tough client conditions which may demand extended working hours Willingness to travel within India or abroad for continuous long periods of time Demonstrate integrity, values, principles, and work ethic and lead by example.

Job Description Key Experience and Responsibilities: Conduct comprehensive assessments of technology risks inherent in business processes and systems. Strong working experience in Information Security Management System Analyse and evaluate the impact of emerging technologies on risk profiles. Identify potential vulnerabilities and recommend effective risk mitigation strategies. Develop and implement technology risk management strategies aligned with organizational goals. Work closely with senior leadership to define risk appetite and tolerance levels. Provide insights into emerging trends and regulatory changes affecting technology risk. Stay abreast of relevant laws and regulations related to technology risk. Ensure that the organization and its clients are compliant with industry standards and regulatory requirements. Collaborate with cross-functional teams, including IT, cybersecurity, and audit teams, to integrate technology risk management into overall risk frameworks. Work closely with technology and business leaders to align risk management efforts with business objectives. Qualification BE/ B. Tech/ MBA/ MCA/ CA Experience 5 to 15 years of experience

Advisory Risk Consulting IT Audit Assurance KPMGs IT Advisory Risk Consulting team is looking for Managers to join their IT Audit Assurance team. Team provides Independent assurance on controls in place across clients IT environment and ways to mitigate Technology risks. Following are some of our key solution offerings Skill set for IT Audit- Prior IT Audit experience in areas of ITGC, SOX 404, SOC-1 and SOC-2 Audits and Application Controls Exposure to cloud attestation Exposure to CI/CD/DevOps methodology IT Audit with knowledge of IT governance practices Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.) Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantage Strong project management, communication (written and verbal) and presentation skills Knowledge of security measures and auditing practices within various applications, operating systems, and databases Position: Associate Consultants/ Consultants/ Assistant Managers Responsibilities Additional Responsibilities for Assistant Managers: Supervise associates and interns on engagements Serve as a liaison between financial services clients and upper management Qualifications Bachelor degree in an appropriate field from an accredited college/university Cloud audit certification is must Project or team lead experience, specifically within a consulting firm is preferred Excellent written and verbal communication, facilitation, and presentation skills with the ability to gain the confidence and respect of senior level executives Strong analytical and problem solving skills Ability to work well in teams Ability to work under pressure stringent deadlines and tough client conditions which may demand extended working hours Willingness to travel within India or abroad for continuous long periods of time Demonstrate integrity, values, principles, and work ethic and lead by example

The Team: As part of Vendor Risk Management, the Vendor Cyber Risk Management team manages the Supply Chain Cyber risks by performing risk assessments of third-party engagements to identify and reduce the risks posed by third parties. This is an extremely important role, considering the fact that large number of data breaches happen due to third parties. It involves working with internal stake holders as well as third parties to achieve the results. The Impact: Working in Vendor Risk Management offers the opportunity to continuously enhance processes to meet the evolving requirements of various regulators. This challenging environment provides ample opportunities to expand your knowledge and expertise. Whats in it for you: In addition to risk assessments, recertifications, and continuous monitoring, you will participate in various projects, allowing you to showcase and further develop your skills and experience. Responsibilities: Conduct thorough Cybersecurity, Business Continuity, Artificial Intelligence, Cloud Service Prover and Privacy assessments for Vendors, evaluating their information security policies, procedures, and controls. Effectively collaborate with internal teams to identify critical vendors and assess their potential impact on the organization's cyber risk profile. Communicate risk assessment findings and recommendations to key stakeholders, including senior management, legal, and compliance teams. Work closely with vendors to address identified security gaps and ensure they meet the organization's cybersecurity requirements. Review the vendors on the continuous monitoring program and assisting in driving the periodically review the vendors. Monitor and stay abreast of evolving cybersecurity threats and industry trends to enhance the effectiveness of the risk assessment process. Lead and support enhancement projects within Vendor Risk Management to meet various business and regulatory requirements. Assist the team members in balancing the load and managing Ad-hoc projects. What Were Looking For: Basic Required Qualifications: Bachelors degree in computer science or engineering or equivalent Minimum 8 years of experience in Information Security or Technology Risk Management Any prior exposure to vendor risk management and/ or privacy laws and regulations is a plus. Demonstrable understanding of the concepts of technology controls and information security controls. Exposure to cloud technologies and cloud security is highly desired; the familiarity with pubic cloud technologies such as Amazon Web Services (AWS) or Microsoft Azure or Google Cloud is highly preferred. Excellent communication skills - a must. The resource should have the ability to communicate with cross-functional teams and vendors, both written and oral communication is critical. Additional Preferred Qualifications: This position is required to work in UK Shift; flexibility is a must, especially when it comes to vendor and internal meetings held during US business hours. Strong organizational skills with the ability to multitask and prioritize while maintaining close attention to detail. Ability to build strategic partnerships with internal stakeholders. Must be a critical thinker with strong qualitative skills. Information Security/Risk Management certification would be an advantage.

Responsibilities: towards risk and compliance providing recommendations as appropriate. Support the CIO and CISO, and work with internal stakeholders to Participate in consultation and conduct gap analysis against new requirements Coordinate and facilitate IT / cyber security audits. Support Risk Owners and Tech teams in documenting control procedures, guidelines, etc. Ensure risk and control activities are completed in a timely and appropriate manner applying the correct governance route Report and publish Risks to senior leadership inclusive of providing content for Senior Leadership risk and control review forums/Committees. Ensure all governance attestations and sign-off from Senior leadership are completed including the conduct risk measures. Co-ordinate and track the tickets / findings in areas like IT Operational Risks and Information Security Risks, Control Self assessments , Internal/External Audit findings with appropriate CAPA, BCP / Disaster recovery , Problem tickets with root cause analysis. Audit event co-ordination, Audit liaison and issue closure oversight (SOC 2 Type 2, ISO 27001, etc.) Lead pre-audit preparation activities with stakeholders (SOC 2 Type 2, ISO 27001, etc.) Provide first line of defense support in assessing risk and reviewing control issues Documentation of control procedures, standards and guidelines, etc. What you'll bring: Bachelor’s degree in IT or relevant field with a strong academic background A minimum of 7-10 Years of experience in Risk management and internal controls governance Strong communication & strategic influencing skills. Relevant experience working with senior leaders, building internal networks, and delivering high impact programs in complex -matrixed environments. Formal training or certification in Information Security, and/or 5+ years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation. Familiarity with risk management frameworks, industry standards, and financial industry regulatory requirements Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies. Proficient in MS Office productivity suite (e.g., Word, Excel, PowerPoint, SharePoint). Advanced Excel skills strongly preferred CISM/CRISC/CISA/CISSP/CIA/MBA or relevant Risk Management / Audit certification Basic working knowledge of following (Majority of the points, if not all): -COBIT – Control Objectives for Information and Related Technology -ISO/IEC 27001:2013 – Code of Practice for Information Security Management -NIST SP 800-53 -NIST CSF -SOC1/SOC2/SOC3 -HIPAA/HITECH Security and Privacy Audit Protocol -Shared Assessments Standard Information Gathering (SIG) framework -US SOX – Sarbanes Oxley Act -US HIPAA/HITECH Act -EU GDPR – General Data Protection Regulation -US EU Privacy Shield -India Companies Act Additional Skills: Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives. Program level management up to and including Executive presentation and reporting. Knowledge and Experience of Technology Infrastructure. Understanding of Infrastructure Security Stakeholder management Willingness to adapt to evolving industry standards and technologies Ability to manage a wide variety of tasks and meet deadlines, and reliability/dependability Proven ability to work creatively and analytically in a problem-solving environment

Senior Technology Risk Analyst Overview The Technology Risk & Control (TR&C) organization is a business enabler and industry leader of technology and security risk management practices, supported by a multi-disciplinary team of top security, technology, and risk professionals. Our mission is to drive enhanced awareness, visibility, and proactive management of technology risks to ensure a secure and sound operational environment. Role You will be responsible for engaging with internal and market facing programs on Technology Risk matters. Oversee the embedding and alignment to the requirements of Mastercard technology policies and standards. Transform the implementation of technology risk management principles and practices by focusing on the reusability of core components, quantitative assessment, and education of key stakeholders. This role will also support the following capabilities: identification, assessment, treatment, and monitoring of technology risks and controls across the environment; providing an aggregate view of controls, issues and exceptions, to inform strategic decision making. All about You/Experience: o Strong knowledge of the risk management lifecycle and processes (e.g., methods for identifying, assessing treating and monitoring risk) o Background in technology audit, risk management, technology operations, information systems management, information security management, regulatory engagement, etc. o Strong knowledge of baseline Technology and Security processes, risks, and controls o Familiarity with technology/security frameworks and mechanisms (e.g., SOC 1, SOC 2, PCI-DSS, ISO 27001, COBIT, CRI, PFMI, NIST) o Experience with regulatory technology and security risk management expectations; o Strong influence and collaboration skills cross-functionally and geographically to identify and drive implementation of best practice risk processes o Systematic problem-solving approach, coupled with strong communication skills and a sense of ownership and drive