88 Tprm Jobs

You will be part of KPMG in India, a professional services firm affiliated with KPMG International Limited since its establishment in August 1993. Leveraging the global network of firms, our professionals are well-versed in local laws, regulations, markets, and competition. With offices spread across India in cities like Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara, and Vijayawada, we offer services to both national and international clients across various sectors. At KPMG in India, we are committed to delivering rapid, performance-based, industry-focused, and technology-enabled services. Our approach is rooted in a deep understanding of both global and local industries, combined with our extensive experience in the Indian business environment.,

Our story Strada is a technology-enabled, people powered company committed to delivering world-class payroll, human capital management, and financial management solutions to organizations globally. With a team of more than 8,000 experts and over 30 years of expertise, Strada blends leading-edge technology with human ingenuity to help businesses across the globe design and deliver at scale. Supporting over 1,400 customers in 33 countries, Strada partners with customers at every stage of their journey, to help drive their vision forward. Its why were so driven to connect passion with purpose. Our teams experience in human insights and cloud technology gives companies and employees around the world the ability to power confident decisions, for life. With a comprehensive total rewards package, continuing education and training, and tremendous potential with a growing global organization, Strada is the perfect place to put your passion to work. To learn more about us, visit stradaglobal.com ROLE : Vendor Security Risk Management RESPONSIBILITIES : Summary The Vendor Security Risk Management Senior Associate supports the management and mitigation of security risks associated with third-party vendors. This role involves conducting risk assessments, assisting in the development of risk management strategies, and ensuring vendors comply with security policies and standards. Responsibilities • Vendor Risk Assessment : o Assist in performing security risk assessments for new and existing vendors are completed to identify potential risks and vulnerabilities. o Document and communicate assessment findings to Vendor Security Risk Mgt colleagues for review. • Risk Mitigation : o Support the development and implementation of strategies to mitigate identified security risks. o Monitor corrective actions to ensure risks are effectively managed. • Continuous Monitoring : o Assist in continuous monitoring activities to regularly assess vendors’ security performance. o Use automated tools and technologies to track and report on vendors’ compliance with security standards. • Incident Management : o At the request of the Incident Management team support the incident management process by coordinating with vendors to understand whether a vendor was impacted by an incident and ensuring timely and effective resolution. • Compliance : o Maintain up-to-date documentation and evidence of vendors’ compliance with security requirements. o Assist with regular compliance audits and assessments to verify adherence to security policies. • Training and Awareness: o Help conduct and deliver training sessions and awareness programs for internal teams on security best practices. REQUIREMENTS : Experience: o Minimum of 6 years of experience in Vendor Risk Mgt. • Skills : o Excellent communication and interpersonal skills. o Analytical and problem-solving abilities. • Personal Attributes: o High level of integrity and ethical standards. o Detail-oriented and organized. o Proactive and able to work independently. o Strong commitment to continuous improvement and professional development Required Education • Candidate must possess at least a Bachelor's/College Degree , Computer Science/Information Technology, Science & Technology or equivalent kindly inbox profiles to venkatesh.kosana@stradaglobal.com Benefits We offer programs and plans for a healthy mind, body, wallet and life because it’s important our benefits care for the whole person. Options include a variety of health coverage options, wellbeing and support programs, retirement, vacation and sick leave, maternity, paternity & adoption leave, continuing education and training as well as a number of voluntary benefit options. By applying for a position with Strada, you understand that, should you be made an offer, it will be contingent on your undergoing and successfully completing a background check consistent with Strada’s employment policies. Background checks may include some or all the following based on the nature of the position: SSN/SIN validation, education verification, employment verification, and criminal check, search against global sanctions and government watch lists, credit check, and/or drug test. You will be notified during the hiring process which checks are required by the position. Our commitment to Diversity and Inclusion Strada is committed to diversity, equity, and inclusion. We celebrate differences and believe in fostering an environment where everyone feels valued, respected, and supported. We know that diverse teams are stronger, more innovative, and more successful. At Strada, we welcome and embrace all individuals, regardless of their background, and are dedicated to creating a culture that enables every employee to thrive. Join us in building a brighter, more inclusive future. Diversity Policy Statement Strada is an Equal Employment Opportunity employer and does not discriminate against anyone based on sex, race, color, religion, creed, national origin, ancestry, age, physical or mental disability, medical condition, pregnancy, marital or domestic partner status, citizenship, military or veteran status, sexual orientation, gender, gender identity or expression, genetic information, or any other legally protected characteristics or conduct covered by federal, state or local law. In addition, we take affirmative action to employ and advance in the employment of qualified minorities, women, disabled persons, disabled veterans and other covered veterans. Strada provides reasonable accommodations to the known limitations of otherwise qualified employees and applicants for employment with disabilities and sincerely held religious beliefs, practices and observances, unless doing so would result in undue hardship. Applicants for employment may request a reasonable accommodation/modification by contacting his/her recruiter. Authorization to work in the Employing Country Applicants for employment in the country in which they are applying (Employing Country) must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the Employing Country and with Strada.

Job Role & responsibilities:- Develop and maintain Security Controls relating to 3rd Party suppliers. Carry out reviews/audits/risk assessments to ensure Third Parties are compliant to inhouse Security standards. Align 3rd Party security assurance to the group standards. Ensure Contracts include security schedules. Own relationships with third party suppliers and follow up on unresolved issues. Support, review and quality assure assurance Reporting and Dashboard Assess and develop a supplier information risk tiering to rate suppliers based on criticality of services to be delivered Engage with wider stakeholders to understand and gather supplier strategy and risk management requirements. Assess and develop a set of security requirements from Information policy framework to be included as part of supplier contract schedules Technical Skills , Experince & Qualification required:- Experince into Third party risk Management Bachelor degree in Computer Science, Engineering, or related field. An MSc Information Security would be desirable but is not essential ISO 27001 Lead Auditor certification strongly preferred In depth experience of Security domains, architectures and issues. Information Security and/or Information Technology industry certification (CISSP, CISM or equivalent) strongly preferred Immediate Joiners will be preferred only

You will be part of KPMG in India, a professional services firm affiliated with KPMG International Limited since August 1993. Leveraging the global network of firms, you will work with professionals who are well-versed in local laws, regulations, markets, and competition. KPMG has a presence across India in cities like Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara, and Vijayawada. As a member of KPMG entities in India, you will offer services to national and international clients in various sectors. Your role will involve providing rapid, performance-based, industry-focused, and technology-enabled services that demonstrate a deep understanding of global and local industries, as well as expertise in the Indian business environment. Your responsibilities will include supporting and conducting Third-Party Risk Management (TPRM) activities while adhering to equal employment opportunity guidelines. To qualify for this position, you should have a B-Tech and MBA degree.,

Role & responsibilities : Hands-on experience in stakeholder management that involves high level of co-ordination , activity tracking, reporting progress , raising red flags Good experience of dashboarding and preparing reports / presentations for different levels of mgmt. Reasonable experience in managing risk and compliance projects, coordinating tech risk assessments, third-party assessments, assessing IT General Controls, understanding how to risk-score , identification of control gaps and potential risks, recommending remediation measures Exposure to documentation drafting and creating templates experience Preferred candidate profile : Excellent problem-solving skills Attention to detail, with the ability to analyze complex issues, develop effective solutions Strong interpersonal and communication skills, essential for collaborating with various stakeholders, presenting assessment results, and negotiating remediation actions. Ability to manage multiple tasks, deadlines Stickler to timelines, matters of urgency Ability to work and proactively deliver without need for reminders and follow-ups

Role & responsibilities Develop monitoring procedures to check adherence with the regulatory norms Develop framework to review & check adherence with the regulatory norms Review exception/ deviation, provide procedural exception to functions relation to regulatory norms. Coordinate with the IRDA on regulatory audits Manage vendor management/ outsourcing risk Develop outsourcing norms as per regulatory requirement Develop vendor evaluation criteria Approve the outsourcing vendor as per the requirements Thematic Review of different process as mention in Outsourcing Risk Policy and Process Manual to assess it effectiveness and efficiency, to identify and mitigate gap with suggestion wherever required. To define Key Risk Indicator threshold pertaining to outsourcing activity and to monitor same on regular interval. Preparation and timely circulation of reports in respect of Third party risk assessment/Thematic Review to the Outsourcing Committee/ Risk Management Committees on a periodic basis Develop module & programme for increasing awareness and provide training to risk Champions & employees on ORM 1. Develop communication & training material for increasing awareness about ORM. Conduct training programme

As part of Deutsche Bank group, DWS aims to strategically transform itself via Project Lighthouse as a hybrid Asset Management operating platform; an ambitious project that delivers Procurement functionalities on DB and DWS SAP applications platform. The role offers a unique opportunity to be part of a high performing SAP Ariba Procurement transformation team implementing a strategic future state technology landscape for DWS Corporate Functions in Finance & Procurement areas. SAP Ariba Consultant is responsible for SAP Ariba Upstream (SLP, Sourcing, Contracts) configurations and overall landscape (incl SLP, Sourcing, Contract, Guided Buying, CIG, interfaces for SAP Ariba supplier Network, S/4 Hana, SAP VIM, TPRM and other application solutions) support activities. The consultant must have 8+ years of relevant SAP Ariba experience. Candidate/Applicant should be able to translate Business requirements into system specific functional & data specifications, which serve as the basis for technical solutions. Candidate/Applicant will work as an individual contributor for the lighthouse project activities and will also guide associates in the SAP Ariba support activities. This role serves as a specialist providing functional consulting support via Solution options, design, working on SAP Ariba configurations, handling system administrator role, working on Incidents, Service Requests and Jira change, create SAP Service requests and coordinate with SAP support for Service requests and any enhancements needed in SAP Ariba environment. Your key responsibilities Providing SAP Ariba functional consulting support to Business and transforming Business Requirement into SAP Ariba system solutions Provide solution options, work on design, SAP Ariba configurations, testing, cutover and implementation using Agile/Hybrid Agile methodology. Handle system administrator role, working on Incidents, Service Requests and Jira changes Create SAP Service requests and coordinate with SAP support for Service requests and any enhancements needed in SAP Ariba environment. Develop a good understanding of the activities required to execute production management functions. Support the resolution of incidents and problems within the team. Assist with the resolution of complex incidents. Ensure that the right problem-solving techniques and processes are applied Participate in regular meetings with stakeholders, prepare and document meetings, track progress. Ensure policy-compliance for SOX, ASG, ISP, Audit, etc.; Support Application audit processes and Application controls as per Banking/asset management requirements. Collect, interpret and respond to changes in production data, as appropriate. Provide regular and reliable reporting of relevant data to meet management requirements. Understand thoroughly the end to end application support process and escalation procedures, become fully conversant with all support tools that will be used to provide effective support in the relevant area (i.e. service operations). Maintain an end to end view of the application and infrastructure landscape. Support the collection, analysis and production metrics on process data for KPIs to find out improvements. Identify risks and issues related to the area. Drive knowledge management across the supported applications and ensure full compliance Drive continual service improvements Works with team members to identify areas of focus, where training may improve team performance, and improve incident resolution. Your skills and experience 8+ yrs SAP Ariba modules- Majorly in SAP Ariba SLP, Sourcing, Contracts and integration experience with SAP Ariba downstream, S/4 Hana, SAP Business network via CIG) Global Transaction Banking Experience is a plus. Experience of supporting Procurement applications landscape IITIL / best practice service context Good analytical and problem solving skills Ability to work in virtual teams and in matrix structures. Working knowledge of incident, Service Requests, change tracking tools (i.e. Service Now, Jira etc.) Education | Certification (Recommended): Bachelor (Engineering) Degree from an accredited college or university (or equivalent work experience) SAP Certifications in relevant SAP Ariba modules Technical Competencies: SAP Ariba CIG configurations & setup is a plus Business Competencies: Communication - Experienced Financial Management - Basic Industry Knowledge - Experienced Innovation - Basic Managing Complexity - Basic Product Knowledge (internal & external) Experienced Risk Management - Basic Technical Competencies: Business Continuity/Disaster Recovery Experienced Operational Management Experienced

Your key responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Assist / Mentor team members in vendor calls / client interactions by providing delivery updates. Perform Quality Checks on work products before delivering it to the end clients. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to Identifying opportunities to improve engagement profitability. Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within GMS Services and with other services across the organization. Skills and attributes for success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you'll also have Project Management skills. Exposure to tools like ProcessUnity, ServiceNow, Archer.

Your key responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Assist / Mentor team members in vendor calls / client interactions by providing delivery updates. Perform Quality Checks on work products before delivering it to the end clients. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to Identifying opportunities to improve engagement profitability. Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within GMS Services and with other services across the organization. Skills and attributes for success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you'll also have Project Management skills. Exposure to tools like ProcessUnity, ServiceNow, Archer.

Third-Party Risk as a Service (TPRaaS) Senior As part of our EY- NFS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We're looking for Seniors with expertise inThird-Party Risk Managementto join the leadership group of ourTPRaaS team. It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your key responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Assist / Mentor team members in vendor calls / client interactions by providing delivery updates. Perform Quality Checks on work products before delivering it to the end clients. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to Identifying opportunities to improve engagement profitability. Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within GMS Services and with other services across the organization. Skills and attributes for success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you'll also have Project Management skills. Exposure to tools like ProcessUnity, ServiceNow, Archer. What we look for A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. Actively tracks and communicates engagement performance and planning to EY engagement management, ensuring project milestones remain on track and are completed timely. Actively mentors and trains team members on Third-Party Risk Management processes, governance, and frameworks. Works cross-functionally with team members to support and drive a collaborative team environment. Creates and design effective presentations as a means for communicating project and deliverable progress to clients. Performs sophisticated data analyses to understand client s business and identify risk Executes advanced services and supervise staff in delivering essential services. Understands client s business environment and basic risk management approaches Actively participates in decision making with engagement management and seek to understand the broader impact of current decisions. Actively contributes to improving operational efficiency on projects & internal initiatives.

Third-Party Risk as a Service (TPRaaS) Senior As part of our EY- NFS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We're looking for Seniors with expertise in Third-Party Risk Management to join the leadership group of our TPRaaS team . It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your key responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Assist / Mentor team members in vendor calls / client interactions by providing delivery updates. Perform Quality Checks on work products before delivering it to the end clients. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to Identifying opportunities to improve engagement profitability. Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within GMS Services and with other services across the organization. Skills and attributes for success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you'll also have Project Management skills. Exposure to tools like ProcessUnity, ServiceNow, Archer. What we look for A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. Actively tracks and communicates engagement performance and planning to EY engagement management, ensuring project milestones remain on track and are completed timely. Actively mentors and trains team members on Third-Party Risk Management processes, governance, and frameworks. Works cross-functionally with team members to support and drive a collaborative team environment. Creates and design effective presentations as a means for communicating project and deliverable progress to clients. Performs sophisticated data analyses to understand client s business and identify risk Executes advanced services and supervise staff in delivering essential services. Understands client s business environment and basic risk management approaches Actively participates in decision making with engagement management and seek to understand the broader impact of current decisions. Actively contributes to improving operational efficiency on projects & internal initiatives.

About KPMG in India KPMG entities in India are professional services firm(s) affiliated with KPMG International Limited. Established in August 1993, we leverage the global network of firms and possess in-depth knowledge of local laws, regulations, markets, and competition. With offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara, and Vijayawada, we are dedicated to offering services to national and international clients across various sectors. Our commitment lies in delivering rapid, performance-based, industry-focused, and technology-enabled services that demonstrate our comprehensive understanding of global and local industries and our proficiency in navigating the Indian business environment. We are an equal opportunity employer.,

You will be part of a dynamic team operating in the enterprise IT service management sector, where our main goal is to empower large scale organizations by unifying processes, data, and people on the ServiceNow cloud platform. Our projects are diverse, spanning across IT operations, customer service, and employee workflows, all focused on driving automation and resilience. Join our fully remote engineering hub in India, where we prioritize high availability, extensible architecture, and rapid feature releases. Your role will require in-depth experience with ServiceNow TPRM, GRC, IRM, including tasks such as update sets knowledge/management, dashboard creation/management, policy creation/management, check definition/instance creation/management, MID Server installation/management, Agent Client collector installation/management, event/alert management rule creation/management, and overall ITOM troubleshooting capabilities. To excel in this role, you must have at least four years of hands-on ServiceNow development experience within ITSM modules. Proficiency in JavaScript and Glide API scripting is essential, along with experience in building integrations with REST and SOAP web services. Additionally, knowledge of ServiceNow update sets, ACLs, and security models, as well as exposure to agile delivery and version control with Git, will be beneficial. Preferred qualifications include certification as a Certified Application Developer or CSA, along with an understanding of CI/CD pipelines and automated testing frameworks. In return, we offer a range of benefits and a positive work culture. You will enjoy fully remote work with flexible hours and access to modern collaboration tools. Our flat hierarchy encourages innovation, mentorship, and rapid decision-making, while we also provide a continuous learning budget for certifications and advanced ServiceNow courses. If you are passionate about API, ServiceNow development, security models, JavaScript, TPRM, update sets, REST web services, SOAP web services, ITSM, agile methodology, Glide API scripting, version control with Git, and ACLs, we invite you to join our team and contribute to our exciting projects.,

YOUR ROLE In this role you will play a key role in Incumbent should be experienced in Risk Management, Internal Controls and Audits. Understanding of Third-Party Risk Management and best practices. Strong Communication and Interpersonal skills to engage all levels, including senior management. Flexible, proactive, with ability to influence and negotiate effectively. YOUR PROFILE WHAT YOU"LL LOVE ABOUT WORKING HERE Knowledge of Operational Risk Management Framework and Internal Control Standards. Excellent email proficiency. Must think out of the box. Should have exposure in handling international Clients.

Conduct third-party/vendor risk assessments Monitor &vmanage third-party risk throughout the vendor lifecycle Implement & maintain the ISO 27001aligned ISMS Experience in TPRM, vendor risk, information security Experience of ISO 27001, NIST, SOC2

As an experienced professional with 3-5 years of experience, you will be responsible for Vendor Risk Management, Third-Party Risk Management (TPRM), Risk Assessment, and ensuring compliance with regulatory frameworks such as HIPAA, PCI, GDPR. Your shift timing will be from 6.30 pm to 3.30 am. Join Omnicom Global Solutions, a key player within Omnicom Group, a renowned global marketing and corporate communications company. Our Indian division, OGS India, provides essential products and services across various domains including Creative Services, Technology, Marketing Science, Advanced Analytics, and more. With a team of over 4000 talented professionals, we are on a rapid growth trajectory and are seeking individuals like you to contribute to our ongoing success. To qualify for this role, you must hold a Bachelor's degree, preferably in computer science, information systems, engineering, or business administration, with a minimum of 5 years of relevant experience. You should have a deep understanding of regulatory frameworks such as SOX, HIPAA, PCI, and GDPR, along with practical knowledge of risk assessment and management methodologies. Familiarity with information security management frameworks like ISO/IEC 27001, ITIL, COBIT, and NIST, as well as past experience in the Media and Entertainment industry, would be advantageous. As a part of our team, you will need to demonstrate excellent communication skills, both written and verbal, the ability to convey complex security and risk-related concepts to diverse audiences, and exceptional problem-solving abilities. You should be a collaborative team player with strategic thinking capabilities, adept at managing multiple projects within tight deadlines and dynamic environments. Your role will involve developing risk and compliance strategies aligned with business objectives to enhance cybersecurity measures across the organization. Moreover, you should possess a strong technology background enabling you to assess and challenge technology decisions effectively. Your role will also require you to rapidly grasp business strategies, identify high-impact opportunities, and lead cross-functional teams towards achieving tactical and strategic goals. Having experience in managing global teams and locations will be an added advantage, showcasing your ability to navigate challenges and leverage opportunities across diverse environments. Join us at Omnicom Global Solutions and be a part of our journey to innovate and excel in the realm of marketing and corporate communications.,

At EY, we are committed to shaping your future with confidence. We will support you in excelling in a globally connected powerhouse of diverse teams and guide your career to new heights. Join EY to contribute to building a better working world. As a Staff/Developer in the CSM/FSO/TPRM division at EY GDS-ServiceNow team, you will be responsible for resolving client issues using the ServiceNow platform. You will have the opportunity to collaborate with a high-quality team and develop innovative products to address client needs. **The opportunity** We are seeking a skilled Staff member with expertise in ServiceNow Implementation to join our EY GDS ServiceNow team. This role offers a fantastic chance to be a part of a leading firm and play a pivotal role in its growth. **Your Key Responsibilities** - Configure and customize the ServiceNow system, including creating workflows. - Develop service request fulfilment workflows based on customer requirements. - Utilize scripting tools and ServiceNow functionality to automate tasks. - Execute integrations and process automation using various tools. - Collaborate with business liaisons to deliver products that meet requirements. - Analyze user stories and internal procedures to enhance system capabilities. - Conduct system and integration testing with sample and live data. **Skills And Attributes For Success** - Experience in Integrations with Third-Party tools. - Proficiency in Playbook implementation. - Integration with internal and external applications and systems. - Knowledge of UI Builder and custom UI development. - Implementation experience in CSM, FSO, TPRM, and IRM. - Familiarity with Dispute Management Systems. **To qualify for the role, you must have** - A college degree in a related technology field or equivalent job experience. - ServiceNow CSA Certification is mandatory. - 2 to 3 years of experience in a development role. - ServiceNow CIS certifications are advantageous. **Ideally, you'll also have** - Experience with SDLC, TFS, JIRA, or similar tools. - Knowledge of ServiceNow's latest version features. **What We Look For** We seek individuals with commercial acumen, technical expertise, and a willingness to learn in a fast-paced environment. Join our multi-disciplinary team at EY and work with leading businesses globally across various industries. **What Working At EY Offers** At EY, you will have the opportunity to work on inspiring projects and receive education and coaching for personal development. We value our employees and provide support, coaching, and feedback to help you progress in your career. You will have the freedom to shape your role according to your preferences in an environment that emphasizes quality and knowledge exchange. EY is dedicated to building a better working world by creating value for clients, people, society, and the planet. Our teams leverage data, AI, and advanced technology to address pressing issues and shape the future with confidence. With a global presence in more than 150 countries and territories, EY offers a full spectrum of services in assurance, consulting, tax, strategy, and transactions.,

You should have a minimum of 1+ years of development experience in OneTrust GRC, TPRM, and Privacy. Your verbal and written communication skills should be strong, along with experience in handling GRC, TPRM, and Privacy. You will be responsible for creating/managing user groups and privileges in OneTrust, as well as creating/modifying/managing integrations, templates, and workflows in OneTrust. Monitoring integrations for performance issues/enhancements will also be part of your role. Experience with Rest APIs, SOAP APIs, and any coding language is required. A good understanding of JSON, WSDL, and XML is necessary. You should also have a good knowledge of Risks Controls and experience with Control frameworks. About KPMG in India: KPMG entities in India are professional services firms affiliated with KPMG International Limited. Established in India in August 1993, we have offices across the country in various cities. Our professionals leverage the global network of firms and are well-versed in local laws, regulations, markets, and competition. We offer services to national and international clients across sectors, focusing on providing rapid, performance-based, industry-focused, and technology-enabled services. Our goal is to reflect a shared knowledge of global and local industries and our experience of the Indian business environment. Equal Employment Opportunity Information: KPMG in India is committed to providing equal employment opportunities.,

The Global Information Security (GIS) Technology Risk Management Analyst will work with peers in Global Information Security (GIS) and across the Technology Division to ensure that third party technology risks are properly identified, assessed, monitored, and communicated in support of the overall Third Party Risk Management (TPRM) program. The Analyst will assist with the continuous improvement and daily operation of the GIS Third Party Risk Management (GIS TPRM) program. Responsibilities Include: Work with peers to identify and assess Information Security risks Conduct risk assessments using CME Groups established GIS Third Party Risk Management assessment process Collaboratively author and edit various assessment related documents including Deficiencies Observed, Summary of Work, Risk Advisory Memos, exceptions from GIS technical policies and standards, and other related output resulting from risk adjudication activities Participate in and contribute to various working groups across the Technology Division, including, but not limited to, Third Party Risk Management working group, Governance, Risk Management, and Compliance (GRC) working group, etc. Assist the GIS TPRM function with: Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly manage third party technology risks Providing advisory and consulting services to the Information Technology Management Team related to InfoSec risks, treatment strategies, and decision-making Assist in the preparation of management reports, presentations, metrics, and other documentation required to support governance functions Assist in compiling and delivering business and operational metrics at regular intervals Promoting a culture of risk awareness and accountability through training, education, and risk management consultative support Problem Solving: Objectively assess the impact, likelihood, and velocity of identified risks Objectively advise on any number of controls that will mitigate risk while not imposing undue burden on those who must implement the controls Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers Rapidly analyze complex technical details Synthesize detailed analysis into a big picture view that can be easily understood by non-technical stakeholders in order to support risk-based decision-making for senior managers within the company Decision Making: Recommend risk treatment decisions Recommend remediation actions when risk mitigation is desired Recommend improvements to methods, instrumentation, training, documentation, and processes Recommend solutions for automating and streamlining GIS TPRM risk management practices Working Relationships: Interacts with peers across all elements of the Technology Division Communicate regularly with cross-functional peers outside of the Technology Division, including Legal, Information Governance, Global Operations, Global Assurance (Internal Audit), Enterprise Risk Management, Third Party Risk Management, and other business unit leadership Interact occasionally with industry peers from other Systemically Important Financial MarketUtilities(SIFMUs),research organizations, solution providers, etc. Required Experience: Bachelors Degree or equivalent experience Minimum of 4 to 6 years of relevant experience in publicly traded companies or finance/technology industry operations with third party risk management experience a plus Experience in at least two of the following: InfoSec (Operations, Program Management, Governance, Risk Management, etc.), Enterprise Architecture, Identity & Access Management, Application Development, Infrastructure & Operations, IT Compliance, or Internal Audit Experience working with industry based information security and / or control frameworks (NIST Cyber Security Framework, ISO 27002, COBIT, etc.) Demonstrable knowledge of a broad range of InfoSec technologies and practices Demonstrable, impeccable writing skills for technical, management, and executive audiences Additional preferred experience: Demonstrable knowledge of InfoSec risk management methods and practices Experience with operating GRC solutions Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.)

Looking for only Immediate Joiner Job Summary: We are seeking a highly skilled and experienced Third-Party Risk Deputy-Manager to manage processes across the UK and US businesses. The successful candidate will be responsible for managing the risks associated with engaging third-party vendors, suppliers, contractors, service providers and clients. They will play a key role in ensuring the integrity, security, and compliance of our third-party relationships. The Third-Party Risk Manager role requires a combination of strong analytical skills, risk management expertise, regulatory knowledge, and effective communication abilities. Technical Skill Requirements Expertise in Third Party Risk Assessment Reporting e.g., SOC1, SOC 2, IT internal audit, Information Security/cybersecurity, IT SOX, IFC Experience on implementing Third Party Risk Management framework Relevant expertise on GDPR requirements, Data privacy and protection, ISO control, NIST Standards, HIPAA. Experience in performing vendor risk assessment, due diligence, vendor evaluations, control testing, IT / infosec risk assessments, network security, Infrastructure assessments. Understanding of GAAP, GAAS, COSO and Sarbanes-Oxley Key Responsibilities: 1. Risk Assessment: Conducting and responding to comprehensive risk assessments of potential third-party vendors before engaging them. Forming TPRM process document and evaluation checklists. This involves evaluating factors such as financial stability, regulatory compliance, security protocols, and overall reputation. Timely Supplier onboarding to ensure the integration into Aptias business ecosystem while ensuring that the supplier meets our requirements, standards, and expectations. 2. Contract Review: Collaborating with the US and UK legal teams to review and negotiate contracts with third-party vendors, ensuring that they include adequate provisions for risk mitigation, compliance, data security, and performance standards. 3. Monitoring & Oversight: Implementing processes and systems to continuously monitor third-party vendors throughout the duration of their engagement. This includes tracking performance metrics, compliance with contractual obligations, and any changes in their risk profile. 4. Risk Mitigation Strategies: Developing and implementing strategies to mitigate identified risks associated with third-party relationships. This may involve implementing additional security measures, diversifying vendor portfolios, or establishing contingency plans. 5. Regulatory Compliance: Ensuring that all third-party relationships comply with relevant laws, regulations, and industry standards, such as GDPR, HIPAA, or PCI DSS. Staying abreast of regulatory developments and updating processes accordingly. 6. Communication & Reporting: Regularly communicating with internal stakeholders, including senior management and board members, regarding the status of third-party relationships and associated risks. Providing comprehensive reports and recommendations for decision-making. 7. Incident Response: Coordinating responses to any incidents or breaches involving third-party vendors, including conducting investigations, assessing the impact, and implementing corrective actions to prevent recurrence. 8. Vendor Relationship Management: Building and maintaining strong relationships with third-party vendors and clients based on transparency, communication, and mutual trust. This includes conducting regular meetings, performance reviews, and addressing any concerns or issues promptly. Qualifications & Skills: Bachelors degree in business, finance information technology, or a related field. Master's degree or relevant certifications (e.g., CRISC, CTPRP, CTPRA) preferred. Proven experience in third-party risk management, vendor management, or a related field, preferably in a regulated industry. Strong understanding of risk management principles, regulatory requirements, and industry best practices related to third-party relationships. Excellent analytical, problem-solving, and decision-making skills, with the ability to assess and prioritize risks effectively. Exceptional communication and interpersonal skills, with the ability to collaborate cross-functionally and influence stakeholders at all levels of the organization. Proficiency in using risk management tools and technologies, as well as Microsoft Office Suite (Word, Excel, PowerPoint, Outlook). Required Qualification: MBA, CA, CA (Inter), ICWA, MCA, MSc (CS), with B.E., BTech., BCA, BSc Certification: CTPRP, IRM (Level 1, 2 & 3), CISA, CISSP, ISO, NIST Preferred geography of previous work experience: Europe / US / India Language requirements: Ability to write and speak fluently in English Working Hours: 11.30 am to 8:30 pm Role & responsibilities

To implement, manage, and optimize RSA Archer GRC solutions, ensuring robust risk and compliance frameworks within Uniqus. This role involves conducting risk assessments, configuring Archer modules for various GRC functions, collaborating with stakeholders, and supporting audit and regulatory reporting to enhance organizational resilience and adherence to standards. Key Responsibilities: Implement and manage RSA Archer GRC solutions for comprehensive risk and compliance management. Conduct Risk Control Self-Assessment (RCSA) exercises to systematically identify, assess, and mitigate operational risks across the organization. Design, configure, and maintain critical Archer applications and modules, including: Enterprise Operational Risk Management Issue Management Remediation Compliance Management Third-Party Risk Management (TPRM) Work closely with various stakeholders to meticulously define business requirements and effectively translate them into technical solutions within the Archer platform. Support audit, regulatory, and compliance reporting requirements by leveraging Archer dashboards and advanced reporting tools. Continuously enhance risk assessment methodologies and frameworks to improve the effectiveness of control assessments. Monitor Archer platform performance, identify areas for improvement, and provide actionable recommendations. Provide comprehensive end-user training and ongoing support on Archer functionalities to ensure widespread adoption and proficiency. Required Skills & Qualifications: Hands-on experience with RSA Archer (version 6.x or later) in configuration, administration, and customization. Strong knowledge of GRC frameworks such as COSO, NIST, ISO 27001, and PCI DSS. Proven experience in Risk Control Self-Assessment (RCSA) methodologies. Thorough understanding of regulatory requirements including SOX, GDPR, and HIPAA. Familiarity with workflow automation, reports, dashboards, and data feeds within the Archer platform. Strong analytical and problem-solving skills, with an ability to dissect complex issues. Excellent stakeholder management and communication skills, capable of engaging diverse audiences. Preferred Qualifications (Nice to Have): RSA Archer Certification. Experience in scripting languages (e.g., JavaScript, SQL). Exposure to cloud-based GRC solutions. Knowledge of third-party risk management (TPRM) frameworks.

About KPMG in India KPMG entities in India are professional services firms affiliated with KPMG International Limited. Established in August 1993, our professionals leverage the global network of firms and possess in-depth knowledge of local laws, regulations, markets, and competition. With offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara, and Vijayawada, we are committed to delivering high-quality services to national and international clients across various sectors. At KPMG entities in India, we focus on providing rapid, performance-based, industry-focused, and technology-enabled services. Our approach reflects our shared understanding of global and local industries, as well as our extensive experience in the Indian business environment. Equal employment opportunity information,

As a ServiceNow Technical Architect at Bristol Myers Squibb, your primary responsibility will be to design, develop, and maintain the technical architecture of the ServiceNow platform. In this role, you will work closely with stakeholders, business analysts, and IT teams to understand requirements and implement solutions that enrich the platform and enhance the user experience. Your key responsibilities will include architecting, designing, developing, testing, and maintaining the ServiceNow platform according to industry best practices. You will also be accountable for supporting and managing the ServiceNow architecture lifecycle for new and existing integrations. Collaboration with cross-functional teams to deliver ServiceNow solutions, troubleshooting and resolving issues, and ensuring clear communication and transparency within the team and stakeholders are vital aspects of this role. To excel in this position, you should possess a degree in Computer Science, Information Systems, or a related field, along with at least 6 years of experience in ServiceNow development and implementation with a focus on architecture. Proficiency in various ServiceNow modules, strong analytical and problem-solving skills, excellent communication abilities, and the capacity to work independently in a fast-paced environment are essential qualifications. Additionally, experience with ServiceNow integrations, scripting languages, reporting and analytics, Agile development methodologies, performance tuning, security, compliance, and the CSDM framework will be valued. Holding certifications such as ServiceNow Certified System Administrator (CSA), Certified Application Developer (CAD), or Certified Implementation Specialist (CIS) is a plus. If you are looking for a rewarding and meaningful career that allows you to contribute to transforming the way medicine is made and delivered, consider joining our diverse team at Bristol Myers Squibb. In this role, you will have the opportunity to work on innovative solutions that impact patients" lives around the world. Bristol Myers Squibb values diversity, inclusion, and individual empowerment, providing a work environment that encourages employees to apply their talents and perspectives. The company offers competitive benefits, services, and programs to support employees in achieving their professional and personal goals. Furthermore, Bristol Myers Squibb is committed to accommodating individuals with disabilities throughout the recruitment process and ensuring a supportive work environment for all employees.,

Hiring TPRM (third party risk management) risk assessment In a world of growing cyber threats and regulatory demands, role of a TPRM Analyst has never been more vital We are seeking Governance, Risk, and Compliance (GRC) to implement robust frameworks that integrate risk management, compliance, and governance processes into our business strategy. Experience - 4 -7Years Location - Bengaluru Work Mode - Hybrid Certifications: ISO 27001 LA/LI, ISC2 CC, Security+, CTPRP, CTPRA, CISA, CISM, CRISC, CISSP (any one is preferable ) Information Security Governance, Compliance and Security Assessment, experience, with a focus on IT and IS Risk Assessments and program reviews / establishment. Familiarity with and demonstrated experience assessing against the BS ISO/IEC/SIG 27002:2005 BS 7799 standard domains, BS 25999 including Risk Assessment; Security policy; Organization of Information Security; Asset Management; HR Security; Physical and Environmental Security; Communications and Operations Management; Access Control; IS Acquisition, Development and Maintenance; IS Incident Management; Business Continuity Management; and Compliance. Broad understanding of Information Security trends, services and disciplines and experience applying them in dynamic environments. Were ready to fast-track your application if youre available to start! Think youre a perfect fit? Drop your resume bhumika.soni@weareams.com or Share this with someone you know who fits the bill.

To provide independent and control function opinion on DORA implementation at CIB level Scope : CIB activities worldwide, covering all business lines and all geographies Corporate and Institutional Banking ( CIB ) businesses are fast paced, dynamic, growing and complex. RISK ORM CIB oversees, evaluates and supervises the wider operational risks of all its business lines. The main responsibility of the role is to participate, oversee and check and challenge the programme of CIB to be compliant with DORA regulation. The candidate will work closely with the first level of defence in charge of the DORA programme and ensure the programme actions and roadmap, adequately covers DORA requirements in a sustainable and risk-controlled manner. COORDINATION with business lines ORO for DORA requirements. with reporting on DORA updates from the CIB programme to wider RISK ORM CIB and OROss with Coordination with Group RISK ORM and IT teams on any updates and instructions on DORA requirements fulfilment with RISK ORM CIB T&TR practices and OROs (i.e., TPRM, Operational Resilience, ICT) FIELD WORK Working on HIs that are in scope of DORA and ensuring these are raised and challenged adequately Working with CIB Regulatory affairs team to ensure that all supervisory requests are answered and proactive monitoring of upcoming requests by interacting with peers and other banks. DORA TPRM aspects and coordination with TPRM OROs across CIB REPORTING to the wider RISK ORM CIB community to the business lines ORO for their respective scope to RISK ORM CIB management As part of the role, the candidate will as well coordinate the RISK ORM CIB community worldwide on the DORA aspects, especially in EMEA region and be the SPOC for any DORA related matters. CONDUCT Be a role model, supporting and fostering a culture of good conduct including respect for others. Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks. Considerate of the implications of actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure, Listens and responds to feedback. Gives feedback to others. Specific Qualifications Required EXPERIENCE The successful candidate will have a proven track record in managing risks and technology in a large/global organization, with robust knowledge of technology, risks and controls, third party technology risk management. Prior experience to ICT/Business Continuity/Operational Resilience Risk Management and exposure to financial services industry is a requirement Knowledge of DORA regulation 10 years or more of suitable professional experience QUALIFICATIONS Bachelors degree in business or risk management, Information Technology, Information Security (or equivalent professional qualification). Excellent written and verbal communication skills (ENGLISH) is an absolute requirement due to the need to foster strong relationships with a broad base of stakeholders across the Bank (beyond the market activities perimeter) and to present often at senior level of the bank. FRENCH language is a plus. Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate. Team player, contributes to the success of the whole T&TR team, as well as being able to be autonomous Ability to communicate, co-operate and work well with other teams The position requires a strong analytical background across the main categories of risk and the ability to synthesize large amounts of diverse information at any one time. A strong delivery focus is required as strict deadlines are to be respected and limited time is available to roll out the program.