
140 TPRM Jobs - Page 2

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

6.0 - 10.0 years

0 Lacs

karnataka

On-site

You will be part of KPMG in India, a professional services firm affiliated with KPMG International Limited since August 1993. Leveraging a global network, our professionals stay updated on local laws, regulations, markets, and competition. With offices across India, we offer services to national and international clients, striving to provide rapid, performance-based, industry-focused, and technology-enabled solutions tailored to global and local industries. To excel in this role, you should possess a minimum of 6+ years of development experience in OneTrust GRC, TPRM, and Privacy. Strong verbal and written communication skills are essential, with a proven track record in handling GRC, TPRM, and Privacy matters. Responsibilities will include creating/managing user groups and privileges in OneTrust, as well as modifying/integrating templates and workflows. Monitoring integrations for performance enhancements and addressing issues is a key part of the role. Proficiency in REST APIs, SOAP APIs, and familiarity with any coding language is required. A solid understanding of JSON, WSDL, and XML is beneficial. Knowledge of risk controls, control frameworks, and experience in related areas will be advantageous. The position offers an equal employment opportunity. Qualifications: B.Tech/B.E.,

Posted 2 weeks ago


4.0 - 9.0 years

7 - 13 Lacs

pune, gurugram, bengaluru

Work from Office

Hi Folks, we have an urgent opening for the following role for one of the leading MNCs.

Location: Pune, Bangalore, Gurugram

Interested candidates please share your CV on mahiclarityconsulting@gmail.com

Role & responsibilities

ISMS or Third-Party Risk Assessments
- Ability to effectively liaise with clients and manage stakeholder expectations.
- Work with client teams from various departments such as compliance teams, auditing and regulators to identify and document various requirements/obligations
- Conducting risk assessments and audits with respect to people, process and technology.
- Identification of gaps/observations, risks, opportunities and improvement of policies, processes, procedures and standards.
- Documenting information security risk, recommendation and compensating controls in the form of assessment/audit reports
- Collaborate with other members of the engagement team to plan and develop relevant work papers/deliverables for vendor information security reviews, define approach for vendor assessment and develop vendor evaluation model
- Handle key activities of assessment/audit life cycle: planning, execution, reporting, quality review and tracking / TPRM framework
- Provide guidance and share knowledge with team members and participate in performing procedures especially focusing on complex, judgmental and/or specialized issues
- Prepare detailed risk assessment reports, including findings and actionable recommendations for stakeholders and senior management.
- Monitor industry trends and regulatory changes to maintain up-to-date knowledge of compliance requirements and best practices.

Preferred candidate profile

Qualifications & Certifications
- 4+ Relevant years of experience in Third party risk management / IT Audits and Cloud security
- Experience with ISO/IEC 27001 / ISO 27701 / ISO22301 implementation and audits
- Preferred certifications: ISO 27001 LA / ISO22301 LI or LA, Offensive Security Certified Professional, CISA

Interested candidates please share your CV on mahiclarityconsulting@gmail.com

Thanks & Regards

Posted 3 weeks ago


5.0 - 7.0 years

20 - 25 Lacs

bengaluru

Work from Office

Position Purpose

This role will be responsible for supporting the Third-Party Technology Risk Management team in identifying and evaluating potential/recognized risks related to Information Security, Business Continuity and Physical Security. The 3rd Party Security Risk Assessor reports to the Manager of the Third Party Risk Management team, which performs security assessments of vendors, service providers and 3rd party companies that manage systems or information for BNP Paribas.

Responsibilities

Direct Responsibilities
- As a Third-Party Technology Risk Assessor, you will perform third-party information and cyber security assessment to identify, monitor, remediate, and manage third party risks across the third-party lifecycle.
- Risk Assessor role requires good risk experience & technology expertise (areas of information and cyber security, business continuity, incident management, compliance, and human resource security) in accurately scoring the inherent risk profile of 3rd parties, making sure the risk assessments are completed on time with quality. In addition, the role requires the ability to prioritize and drive workload.
- Evaluating control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to review of: ISO 27001, SIG (Shared Assessments), TruSight, SOC / equivalent reports, as well as knowledge of controls related to Privacy, Compliance, Business Resiliency, Cyber and other risk domains.
- Work with Line of business partners, by navigating them through the different stages of the risk assessment life cycle and making sure that they are being compliant to the organization requirements.
- Communicate assessment findings and recommendations to internal stakeholders, including senior management, legal, and compliance teams as applicable.
- Monitor and track the identified findings as part of the assessment lifecycle.

Contributing Responsibilities
- Actively participate in identifying process gap and should be ready to own and update/document relevant TPTRM policies and procedures
- Support Internal and external TPTRM audit requirements
- Compile and generate Weekly/Monthly/Quarterly dashboard on KPI

Technical & Behavioral Competencies
- Ideally in financial services with minimum of 5+ years of experience in TPRM or Risk management background.
- Bachelor's degree with professional certification in Information, Cyber, Network and Cloud Security.
- Experience with industry recognized standards for IT security controls and best practices like NIST, ISO27001, PCI DSS, COBIT, SOC 2 etc.
- Experience in one or more risk disciplines an advantage i.e., Information Security, Business Continuity, Data Privacy etc.
- Experience in Governance, Risk & Compliance (GRC) tools an advantage.
- Experience in providing stakeholders with specialist risk knowledge and monitoring its execution.
- Strong self-motivated multi-tasker who can prioritize competing tasks and stakeholders.
- Ability to work independently in a fast adapting and agile work environment.
- Proactive and deliverable focused, with a dedication to delivering against hard deadlines.
- Excellent analysis skills with keen eye for detail.
- Strong capabilities in Microsoft Excel, PowerPoint, and Word.
- Familiarity with vendor management, procurement, and contract negotiation.
- Ability to communicate effectively with both technical and non-technical stakeholders.
- Strong analytical and problem-solving skills.

Other/Specific Qualifications (if required)
- Certifications such as Certified Third-Party Risk Professional (CTPRP) or Certified Information Systems Security Professional (CISSP), CISA, CISM are a plus.
- Frameworks: ISO27001, NIST, GDPR, DORA, DPDP

Posted 3 weeks ago


10.0 - 15.0 years

30 - 45 Lacs

chennai

Work from Office

Position Purpose

Key Responsibilities

Purpose: To provide independent and control function opinion on DORA implementation at CIB level

Scope: CIB activities worldwide, covering all business lines and all geographies

Corporate and Institutional Banking (CIB) businesses are fast paced, dynamic, growing and complex. RISK ORM CIB oversees, evaluates and supervises the wider operational risks of all its business lines. The main responsibility of the role is to participate, oversee and check and challenge the programme of CIB to be compliant with DORA regulation. The candidate will work closely with the first level of defence in charge of the DORA programme and ensure the programme actions and roadmap adequately cover DORA requirements in a sustainable and risk-controlled manner.

COORDINATION
- with business lines ORO for DORA requirements
- with reporting on DORA updates from the CIB programme to wider RISK ORM CIB and OROs
- with Coordination with Group RISK ORM and IT teams on any updates and instructions on DORA requirements fulfilment
- with RISK ORM CIB T&TR practices and OROs (i.e., TPRM, Operational Resilience, ICT)

FIELD WORK
- Working on HIs that are in scope of DORA and ensuring these are raised and challenged adequately
- Working with CIB Regulatory affairs team to ensure that all supervisory requests are answered and proactive monitoring of upcoming requests by interacting with peers and other banks.
- DORA TPRM aspects and coordination with TPRM OROs across CIB

REPORTING
- to the wider RISK ORM CIB community
- to the business lines ORO for their respective scope
- to RISK ORM CIB management

As part of the role, the candidate will as well coordinate the RISK ORM CIB community worldwide on the DORA aspects, especially in EMEA region and be the SPOC for any DORA related matters.

CONDUCT
- Be a role model, supporting and fostering a culture of good conduct including respect for others.
- Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks.
- Considerate of the implications of actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.
- Listens and responds to feedback. Gives feedback to others.

Specific Qualifications Required

EXPERIENCE
- The successful candidate will have a proven track record in managing risks and technology in a large/global organization, with robust knowledge of technology, risks and controls, third party technology risk management.
- Prior experience in ICT/Business Continuity/Operational Resilience Risk Management and exposure to financial services industry is a requirement
- Knowledge of DORA regulation
- 10 years or more of suitable professional experience

QUALIFICATIONS
- Bachelor's degree in business or risk management, Information Technology, Information Security (or equivalent professional qualification).
- Excellent written and verbal communication skills (ENGLISH) is an absolute requirement due to the need to foster strong relationships with a broad base of stakeholders across the Bank (beyond the market activities perimeter) and to present often at senior level of the bank. FRENCH language is a plus.
- Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate.
- Team player, contributes to the success of the whole T&TR team, as well as being able to be autonomous
- Ability to communicate, co-operate and work well with other teams
- The position requires a strong analytical background across the main categories of risk and the ability to synthesize large amounts of diverse information at any one time.
- A strong delivery focus is required as strict deadlines are to be respected and limited time is available to roll out the program.

Posted 3 weeks ago


3.0 - 8.0 years

20 - 25 Lacs

mumbai

Work from Office

Position Purpose RISK Operational Risk Management (RISK ORM), created early 2021 to oversee operational risks within the mandate of the RISK function, is organised, under the responsibility of the Group Chief Operational Risk Officer (Group CORO), around 3 Poles: RISK ORM Framework, RISK ORM Technology & Transversal Risks and RISK ORM Network. Under the authority of the Poles Manager, RISK ORM Network is made up of all the Operational Risk Officers (OROs) acting as the second line of defence (LoD2) within the Groups operational entities (Poles, Business Lines, Functions, Transversal Activities). In this context, the Common Outsourcing Controls Execution Platform (COCEP), whose missions are presented below, reports hierarchically to the Group Head of ICT Controls Testing. He/She: Contributes to protect the Bank by securing the oversight of the completeness and quality of the outsourcing register (360 RiskOp Arrangement module) to guarantee an accurate oversight of outsourcing arrangements and their characteristics, Assures the accuracy and data quality of regulatory reporting (e.g., CASPER) and notifications (e.g., IMAS), Ensures the homogeneity, the robustness and effectiveness of the outsourcing controls executed by the LoD1 by implementing LoD2 controls execution platform across Poles and Functions, Facilitate and pilot outsourcing operational risk management framework. Key success of the COCEP relies on building trusted partnerships with stakeholders and particularly with the RISK ORM Framework, TPRM and Network community and globally all entities of the Group. Responsibilities Direct Responsibilities The COCEP Outsourcing Risk Officer contributes to identify and reduce risks on activities delegated to third-party service providers and thus improves the efficiency of the overall activities for the Bank. 
Key missions of role - Outsourcing Risk (COCEP) Oversee the process of the outsourcing register data quality of regulatory reporting: Define the process to remediate data quality anomalies for CASPER regulatory reporting, Perform cross-business consistency analysis to identify inconsistencies or incorrect qualifications in the register, Identify any inconsistencies between the outsourcing register critical outsourcing arrangements data and IMAS portal, Build a process to ensure consistency between the outsourcing register and the exit strategy standard documentation (e.g., alignment between the exit plan and the outcome of assessment of the service providers substitutability, the substitutability modality, and the time-of-service providers substitutability). Verify the compliance of outsourcing regulatory documentation: Build a process and perform the verification, with the related OROs, of the alignment between the draft record in IMAS portal and the content of the notification template submitted at the Validation Committee. Build a process and perform the verification, with the related OROs, that the exit strategy documentation is available and compliant with the Group format. Execute LoD2 controls on outsourcing GCL (RISK0418): Define a process to industrialise the LoD2 control reviews on outsourcing. Perform the defined LoD2 controls plan, share the results with the related OROs and ensure that the related potential permanent control actions plans are recorded in 360 RiskOp. Facilitate and pilot outsourcing operational risk management framework: Define a process to industrialise the periodic report analysing the outsourcing operational risk management including the data quality indicators improvements and the LoD2 controls results analysis. Monitor indicators results, and cascade as appropriate to ORO Poles and Functions. Define and produce operational reporting (link with RISK ORM COE ISPL reporting stream). 
The COCEP Outsourcing Risk Officer reports to the Group Head of ICT Controls Testing, and locally to the Head of COCEP, India CoE. He/she actively collaborates with RISK ORM Framework and Technology & Transversal risks teams and works with the operational risk officers (ORO), outsourcing coordinators, operational permanent controllers (OPC), and subject matter experts (SME). Scope covered and organisation. The scope applies to all entities for which RISK ORM acts as a second line of defence. In addition to the elements of this document, the outsourcing framework, generic control libraries (GCL) and the operational role of the OROs, are notably described in the procedures, Second line of defences roles and responsibilities on the operational risk management framework (RISK0401), LoD2 control activities on the LoD1 control framework (RISK 0414), Group Policy pertaining to Outsourcing Risk Management Framework (RISK0417), Generic Control Library relating to outsourcing risks (RISK0418) and ORO Role and Responsibilities in the outsourcing process (ORM0005). Lastly, the legal and regulatory requirements of third-party risk management are notably, EBA guidelines on Outsourcing Arrangements, EU DORA, UK PS7/21, UK SS2/21, Solvency II, US FDIC-OCC guidance on third party relationship risk management. Contributing Responsibilities Collaboration at the India CoE level with Head of India CoE, including but not limited to the CoE level reporting requirements Effectively contribute to the CoE, RISK India Hub and ISPL on Group mandates, Objectives and priorities Help and contribute to build the CoE a positive place to work Technical & Behavioral Competencies To meet the requirements of this position, the COCEP Outsourcing Risk Officer will be expected to have a good fluency in risk analysis and monitoring, acquired through professional experience in a team in charge of operational processes or executing operational risk activities in the first or second line of defence. 
Moreover, general knowledge of LoD2 control management, third-party risk management, analysis and monitoring will be sought given the importance of technology in Group's business processes. We expect the COCEP Outsourcing Risk Officer to have good relationship skills to efficiently work in a group / a team / a community, qualities of communication he is able to bring to his/her interlocutors to decision-making and relay key messages, the ability to mobilise his/her direct and indirect network, and a good sense of responsibility and commitment. Last, good analytical skills, a solid critical mind, the capacity to synthesize / simplify, to communicate orally and in writing, to animate meetings and committees, to challenge the existing and propose solutions (change management), to be pragmatic in analysis and action, to work in collaborative mode in a changing environment with respect of the deadlines, to be rigorous, will allow the newcomers in the COCEP team to take on his/her new appointment in the best conditions.

Skills Preferred
- Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements.
- Is self-aware, anticipates problems, adapts and meets them head on.
- Strong stakeholder management, relationship building, influencing, facilitating and presenting skills.
- Is solutions focused: measures their output on whether issues, problems or challenges are resolved as a criterion for success.
- Conduct: Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.

Specific Qualifications (if required)
- University Degree (technical) and/or certification on Risk management

Skills Referential

Behavioural Skills:
- Attention to detail/rigor
- Ability to deliver/Results driven
- Ability to synthesize/simplify
- Ability to collaborate/teamwork

Transversal Skills:
- Ability to anticipate business / strategic evolution
- Ability to set up relevant performance indicators
- Analytical Ability
- Ability to develop and adapt a process
- Ability to develop and leverage networks

Education Level: Bachelor Degree or equivalent

Experience Level: At least 3 years

Other/Specific Qualifications (if required): Professional qualifications/trainings relevant to technology and/or outsourcing risk, Risk management, Information security, Operational risk, cloud security

Posted 3 weeks ago


8.0 - 13.0 years

22 - 37 Lacs

noida, pune, bengaluru

Hybrid

Key Responsibilities:
- Architect and implement ServiceNow Security Operations modules (SecOps, GRC, Vulnerability Response, Threat Intelligence).
- Lead integrations with third-party security platforms (Venafi, PKI, SIEMs, IAM tools) to create seamless, automated workflows.
- Design and deploy certificate lifecycle management solutions within ServiceNow using Venafi or equivalent PKI systems.
- Collaborate with cybersecurity teams to align ServiceNow capabilities with enterprise risk and compliance strategies.
- Optimise ServiceNow performance, security, and scalability across multi-domain environments.
- Translate governance and security requirements into actionable ServiceNow configurations and workflows.

Required Skills:
- Strong command of ServiceNow platform, especially Security Operations and GRC modules.
- Hands-on experience with Venafi, or deep understanding of PKI architecture and certificate lifecycle management.
- Proven ability to integrate third-party tools via REST/SOAP APIs, MID Servers, and IntegrationHub.
- Solid grasp of cybersecurity principles: threat modelling, vulnerability management, incident response.
- Scripting proficiency (JavaScript, GlideScript) and ServiceNow development best practices.
- Ability to work cross-functionally with InfoSec, Risk, and IT Ops teams.

Preferred Experience:
- ServiceNow Certified Implementation Specialist, Security Operations.
- Experience in regulated industries (finance, healthcare, government).
- Familiarity with Zero Trust architecture and identity-centric security models.

Posted 3 weeks ago


4.0 - 9.0 years

5 - 12 Lacs

pune, bengaluru, delhi / ncr

Work from Office

Role Description
• Lead and support the implementation, maintenance, and continual improvement of the Information Security Management System (ISMS) in accordance with ISO 27001 standards
• Drive and oversee Third-Party Risk Management (TPRM) activities, including comprehensive vendor risk assessments, due diligence, and ongoing risk monitoring
• Lead cybersecurity risk assessments and gap analyses to evaluate compliance with internal policies, industry best practices, and regulatory frameworks
• Act as a key liaison with clients, managing multiple projects, stakeholder relationships and expectations to ensure delivery of high-quality risk and compliance services
• Collaborate cross-functionally with client departments such as compliance, internal audit, legal, and regulatory teams to identify, interpret, and document security and compliance requirements
• Manage and conduct risk assessments and audits encompassing people, process, and technology, identifying risks, gaps, and opportunities for improvement
• Prepare and review detailed information security risk assessment and audit reports, including recommendations for mitigating controls
• Oversee the planning, development, and execution of vendor security reviews and assessments, including defining methodologies and vendor evaluation models
• Mentor and provide guidance to junior team members, sharing expertise especially on complex, judgmental, and specialized security issues
• Participate actively in strategy development and continuous improvement initiatives for security risk management practices

Desired qualifications
• 4+ Relevant years of experience in Third party risk management
• Relevant years of experience in IT Audits, Cybersecurity gap assessments, Cloud Security
• Experience with ISO27001 implementation and audits
• Experience with ISO22301 implementation and audits
• Leadership experience in Third-Party Risk Management (TPRM) and vendor risk governance
• Understanding of application security and secure development lifecycle (SDLC) principles
• Expertise in developing and enhancing security policies, standards, and procedures
• Excellent stakeholder management, communication, and client engagement skills
• Strong report writing and presentation capabilities for complex audit and risk findings
• Ability to lead, mentor, and develop security risk management team
• Relevant professional certifications such as CISSP, CISA, CISM, ISO 27001 Lead Auditor highly preferred.

Posted 3 weeks ago


4.0 - 9.0 years

12 - 22 Lacs

pune, bengaluru, delhi / ncr

Work from Office

Desired Qualifications:
- 3+ years of relevant experience in Third-party risk management.
- Relevant years of experience in IT Audits and Cloud security assessment.
- Experience with ISO 22301, 27001 implementation, and audits.
- Understanding of Third-party/vendor/supplier risk management considerations.
- Knowledge of Data Protection & Privacy related risks associated with Third-Parties and relevant control frameworks.
- Excellent written and verbal communication skills.
- Excellent documentation and presentation skills.
- Highly motivated and willing to work in local and global environments.
- Work experience in Infrastructure/Application Security.
- Work experience in IT Audit.
- Work experience in Information Risk Management.

Preferred Certifications:
- CISA, CISSP, CISM, CEH, ISO 27001.
- CBCI / CBCP / ISO22301 LI or LA.
- Offensive Security Certified Professional.

Posted 3 weeks ago


2.0 - 7.0 years

3 - 8 Lacs

hyderabad

Work from Office

Job Statement: NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a client's needs and budget, and external threat analysis, which provides critical intelligence at no-cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service. We are looking for a detail-oriented and proactive GRC professional with hands-on experience in SOC 2 Type 1 and Type 2, NIST CSF, NIST SP 800-53 and ISO 27001 controls.

Job Responsibilities:
- Lead and support the implementation, maintenance, and continuous improvement of information security compliance programs, specifically focusing on SOC 2 Type 1 and Type 2, NIST Cybersecurity Framework (CSF), NIST Special Publications (SP 800-53), and ISO 27001.
- Develop, review, and update security policies, procedures, and guidelines to align with relevant compliance frameworks and regulatory requirements.
- Conduct risk assessments and gap analyses against SOC 2, NIST, and ISO 27001 controls to identify areas for improvement and ensure audit readiness.
- Prepare and compile documentation, evidence, and responses for audit requests efficiently and accurately.
- Support the identification, assessment, and mitigation of information security risks in accordance with established risk management frameworks (e.g., NIST RMF).
- Contribute to risk assessments and business impact analysis.
- Maintain comprehensive documentation of security controls, compliance activities, and remediation plans.
- Prepare regular reports on compliance status, key metrics, and areas of concern for management and stakeholders.
- Perform comprehensive third-party risk assessments to evaluate vendor compliance with information security policies.
- Develop and maintain TPRM processes to monitor and mitigate risks associated with external vendors.
- Ensure effective communication and documentation of third-party risk assessments.
- Assist in drafting and updating organizational policies and procedures for governance and compliance.

Job Specifications:

1. Qualification:
- Bachelor's degree in Engineering or closely related coursework in technology development disciplines
- Certifications: Security+, CEH, ISO 27001 Lead Implementer/Lead Auditor, CISA, CISM (good to have, but not mandatory)

2. Experience:
- Total Experience (2): 2-4 years
- Seniors: 5 to 8 years

Knowledge and Experience:
- Demonstrable experience with the implementation and/or auditing of SOC 2 Type 1 and Type 2.
- Solid understanding and practical experience with NIST Cybersecurity Framework (CSF) and NIST Special Publications (e.g., SP 800-53).
- Knowledge of various security domains such as network security, application security, data privacy, and vulnerability management.
- Strong understanding of information security principles and related compliance controls.
- Ability to articulate the relevance of the security controls
- Experience in delivery of Information Security risk and compliance advisory services
- Experience in management consulting and information security audits
- Experience around technology risk assessments
- Hands-on experience in GRC projects
- Proficient in preparation of reports, dashboards and documentation
- Ability to research and develop new risk-based security offerings
- Comfortable working in a project based / client serving model

Personal Attributes
- Self-starter and quick learner requiring minimal ramp-up
- Excellent written, oral, and interpersonal communication skills
- Highly self-motivated, self-directed, and attentive to detail
- Ability to effectively prioritize and execute tasks in a high-pressure environment

Posted 3 weeks ago


5.0 - 9.0 years

6 - 16 Lacs

gurugram

Work from Office

Governance, Risk, and Compliance (GRC) Specialist – Third-Party Risk Management & Training

Overview

We are seeking a detail-oriented and highly motivated Governance, Risk, and Compliance (GRC) Specialist with a focus on Third-Party Risk Management (TPRM) and security training. This role is critical in ensuring that our organization’s vendor relationships, cloud/SaaS engagements, and internal processes align with regulatory requirements, industry frameworks, and internal policies. The ideal candidate will combine deep knowledge of risk frameworks with hands-on experience in vendor security assessments, compliance management, and the creation of effective security awareness and training programs.

Key Responsibilities
- Third-Party Risk Lifecycle Management – Manage the full lifecycle of third-party risk management, from onboarding to continuous monitoring and offboarding, ensuring vendor risk posture meets organizational risk appetite.
- Vendor Security Assessments – Conduct initial and ongoing security assessments of vendors, including reviewing questionnaires (e.g., SIG), SOC reports (SSAE18, SOC 2), penetration test results, and vendor security documentation.
- Cloud/SaaS Security Evaluation – Evaluate SaaS and cloud-based solutions for compliance with security policies, contractual requirements, and relevant frameworks (ISO 27001, NIST CSF, CSA CCM).
- Risk Identification & Remediation – Identify security and privacy risks in vendor services, recommend mitigation strategies, track remediation efforts, and validate closure of identified gaps.
- Contractual Security Requirements – Collaborate with Legal and Procurement to negotiate and review security clauses, data protection addendums (DPA), and Information Protection Addendums (IPA).
- Governance & Compliance Alignment – Ensure TPRM processes are aligned with applicable regulations (GDPR, CCPA, HIPAA, SOX) and industry standards (ISO, NIST, PCI DSS).
- Risk Reporting & Metrics – Maintain an up-to-date vendor risk register and produce detailed reports, dashboards, and executive summaries for leadership, regulators, and auditors.
- Policy & Framework Development – Assist in designing, implementing, and enhancing TPRM and GRC policies, standards, and procedures.
- Audit & Regulatory Support – Support internal and external audits, providing evidence and ensuring corrective actions are implemented on time.
- Process Optimization – Identify opportunities to enhance TPRM processes using automation, AI, and GRC tools (e.g., Archer, ServiceNow GRC, ProcessUnity, Prevalent).
- Security Awareness & Training – Develop and deliver targeted security awareness and GRC training programs for employees, focusing on vendor risk, compliance obligations, and data protection.
- Stakeholder Engagement – Partner with security engineering, risk, legal, procurement, and business units to ensure cohesive risk management strategies.
- Incident Management Support – Collaborate with the SOC and incident response teams when a vendor-related incident occurs, including forensic review and contractual notification obligations.
- Continuous Improvement & Benchmarking – Stay informed about emerging risks, regulatory changes, and industry best practices to enhance the TPRM program.
- Regulatory Intelligence – Track and interpret evolving regulatory requirements that may impact vendor relationships and adjust processes accordingly.
- Training Evaluation – Measure the effectiveness of training programs through assessments, simulations, and user feedback to ensure continuous improvement.

Required Qualifications
- Bachelor’s or Master’s degree in Information Security, Risk Management, or related discipline.
- 3–7 years of experience in GRC, third-party risk management, or vendor security assurance roles.
- Strong knowledge of frameworks and standards (ISO 27001/2, NIST CSF, SOC 2, PCI DSS).
- Experience with GRC and TPRM platforms (RSA Archer, ServiceNow GRC, ProcessUnity, MetricStream).
- Familiarity with cloud and SaaS security principles.
- Excellent communication, negotiation, and stakeholder management skills.
- Ability to translate technical risks into business impact for senior leadership.

Preferred Certifications
- Certified Third Party Risk Professional (CTPRP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- ISO 27001 Lead Auditor / Lead Implementer
- Certified Information Privacy Professional (CIPP)

Posted 3 weeks ago

2.0 - 6.0 years

6 - 16 Lacs

bengaluru

Work from Office

Job Summary: We are seeking a motivated and experienced GRC Specialist to support and enhance our Governance, Risk, and Compliance framework. The ideal candidate will be responsible for implementing and maintaining standards such as ISO 27001, ISMS, BCMS, and Third Party Risk Management (TPRM) across the organization. You will work closely with cross-functional teams to ensure regulatory compliance, risk mitigation, and business continuity. Key Responsibilities: Governance & Compliance: Develop, implement, and maintain the organization's Information Security Management System (ISMS) in accordance with ISO 27001 standards. Monitor compliance with internal security policies and regulatory requirements. Coordinate and conduct periodic internal audits, risk assessments, and compliance reviews. Risk Management: Identify, assess, and mitigate information security risks across the enterprise. Support development and execution of risk treatment plans and continuous monitoring processes. Manage and enhance the Third-Party Risk Management (TPRM) program, including onboarding, due diligence, and periodic assessments of vendors. Business Continuity: Implement and maintain the Business Continuity Management System (BCMS) in line with ISO 22301 standards. Support business units in developing and testing Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs). Conduct Business Impact Analysis (BIA) and ensure recovery strategies are up-to-date. Policy & Documentation: Develop and maintain security and compliance policies, procedures, and guidelines. Ensure proper documentation of controls, findings, and remediation efforts. Training & Awareness: Conduct GRC training sessions and awareness programs across the organization. Promote a culture of compliance and risk-aware behavior. Required Skills & Qualifications: Bachelor’s degree in Information Security, Computer Science, Risk Management, or related field.
3–7 years of experience in GRC, information security, or risk management roles. Strong knowledge and hands-on experience with: ISMS (Information Security Management System); ISO 27001 implementation and audits; BCMS (Business Continuity Management System) / ISO 22301; TPRM (Third-Party Risk Management). Familiarity with data protection regulations (e.g., GDPR, HIPAA). Certifications preferred: ISO 27001 Lead Implementer/Auditor, CRISC, CISA, CBCP, or similar. Excellent communication, documentation, and stakeholder management skills. Ability to work independently and manage multiple priorities.

Posted 3 weeks ago

4.0 - 7.0 years

6 - 16 Lacs

pune, chennai, bengaluru

Hybrid

Location: Pan India. Conduct due diligence on third parties, including their compliance, credit, reputational, operational, and cybersecurity risks. Contribute to the development and implementation of TPRM policies and procedures. Develop and maintain monitoring plans to track third-party performance and ensure controls are operating effectively. Prepare reports and dashboards for senior management on TPRM activities and findings. Collaborate with various stakeholders, including legal, compliance, procurement, and IT security, to ensure TPRM objectives are met. Support the on-boarding and off-boarding of third parties, ensuring proper contract negotiations and documentation. Analyze and report on issues and events related to third-party risks, identifying trends and developing remediation plans. Develop and deliver training materials and awareness campaigns to educate employees on TPRM procedures. Lead the TPRM support team and frontend customer discussions. Should have 2-3 years of TPRM experience and experience in leading a team. Relevant experience of ProcessUnity or other TPRM tools. Good communication skills.

Posted 3 weeks ago

4.0 - 9.0 years

8 - 18 Lacs

gurugram, delhi / ncr

Work from Office

Your work profile: As a practitioner in our Cyber Team, you'll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: • Responsible for ISO 27001 based Information Security Management System implementation and sustenance • Assess client information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risks • Responsible for assisting the client in reviewing/implementing Information Security controls in areas as mentioned, but not limited to: Change management process, Incident management process, Backup process, User identity and access management, Antivirus management, SLA performance and monitoring, Media handling & Exchange of information, Physical and environmental Security, and Media & Information Handling • Responsible for conducting risk assessments of the client's vendors and providing a holistic view of the client's risk exposure due to outsourcing • Responsible for advising and assisting clients to develop and implement an Information classification framework • Conduct Information Systems audits covering IT infrastructure assets • Serves as technical lead or subject matter specialist on security and privacy implementation projects, responsible for design, build, testing and deployment of solutions • Demonstrates ability to work independently on projects with limited supervision • Demonstrates understanding of complex business and information technology management processes • Demonstrates working knowledge of firm tools and methodologies that may be suitable for the engagement • Manages day-to-day client relationships at mid and lower levels.
• Participates in proposal development efforts to sell "add-on" work to clients • Identifies opportunities to improve engagement economics • Plays substantive role in designing and implementing business development plan for the service line • Plays substantive/lead role in retention of professionals and in building staff complement, mix, and recruiting • Undertakes initiatives in people and practice development Desired qualifications: • Cyber experience ranging from 4 years to 12 years is mandatory. Levels being hired for: Analyst, Senior Analyst, Consultant, AM, DM • B.E / B.Tech (Tier 1/2) in Computer Science, Information Technology or related fields • ISO 27001 LA/LI, ISO 31000 LA/LI, ISO 22301 LA/LI, CISA, ITIL, or equivalent certification • Strong communication skills (written & verbal) • Understanding of basic business and information technology management processes. • Basic knowledge in one or more security and privacy domains such as: security governance policies and procedures, risk management, compliance, identity management, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy and data protection Work Mode: Office

Posted 4 weeks ago

5.0 - 15.0 years

0 Lacs

karnataka

On-site

We are seeking a strategic and execution-focused Product Implementation Manager with extensive experience in Supplier Relationship Management (SRM) or related areas such as procurement, supply chain, ESG, or TPRM. As the Product Implementation Manager, you will be responsible for leading the implementation of our AI-enabled SRM platform solutions for enterprise clients. Your main objective will be to ensure a seamless onboarding process that enhances supplier performance, compliance, and collaboration. Your role will involve managing client implementations and product enablement from the initial kickoff to the go-live stage. You will work towards aligning stakeholders across various departments including procurement, IT, Legal, TPRM, and supplier networks. Your expertise in supplier lifecycle management and business processes will play a crucial role in translating client requirements into effective platform configurations, process designs, and integrations. Key Responsibilities: - Project Ownership: Lead end-to-end implementation of SRM solutions, managing timelines, deliverables, risk mitigation, and stakeholder engagement. - Client Discovery & Design: Conduct in-depth discovery sessions to understand client procurement workflows, TPRM processes, supplier segmentation strategies, risk controls, and compliance requirements. - AI Enablement: Configure and guide clients on utilizing embedded AI capabilities such as supplier risk prediction, performance analytics, Clause recommendation, and smart onboarding tools. - Tailored Configuration: Translate procurement and supplier governance requirements into actionable solution designs, workflows, and platform configurations. - Stakeholder Alignment: Collaborate with various stakeholders to ensure a smooth solution rollout. - Supplier Enablement: Assist clients in supplier onboarding, data migration, training, and adoption strategies. 
- Cross-functional Liaison: Coordinate with Product, Engineering, and Operations teams to deliver high-quality implementations aligned with roadmap capabilities. - Process Optimization: Gather feedback to identify areas for improvement in delivery frameworks, onboarding practices, and product features related to supplier management. - Go-live Success: Lead user acceptance testing, go-live planning, and post-launch support to ensure value realization and a seamless handover to the success/support teams. - Continuous Improvement: Provide feedback to Product and Engineering teams based on real-world implementation use cases to enhance platform performance and address feature gaps. Qualifications: - Bachelor's degree in finance, business, Information Systems, or a related field. - 12-15 years of overall experience with 5+ years in Supplier Relationship Management, Procurement Tech, P2P, ESG, Third Party Risk, or ERP-related product implementation or consulting. - Familiarity with supplier onboarding, risk management, performance monitoring, and contract lifecycle processes. - Proven ability to manage complex client relationships and multi-phase implementation projects. - Experience with procurement platforms (e.g., SAP Ariba, Coupa, Ivalua, Jaggaer, Oracle Procurement Cloud) is advantageous. - Strong communication and stakeholder management skills, with the ability to bridge technical and business audiences. - Strong knowledge of ITSM, SDLC, and DevOps would be beneficial. - PMP, PRINCE2, or similar project management certifications are a plus. Nice to Have: - Experience working with tools like Azure DevOps, ServiceNow, Salesforce, or similar platforms. - Background in change management or business process consulting. - Experience in change management, procurement transformation, or supplier enablement initiatives. - Familiarity with data migration, enterprise software, or onboarding strategies at scale. 
- Familiarity with integrations (e.g., ERP, contract management, supplier portals). Why Join Us: - Work with a market leader in Sourcing & Supplier Management. - Help transform how enterprises manage supplier relationships and supply chain risk in a dynamic, tech-driven world. - Collaborate with procurement innovators and digital transformation leaders across industries. - Be part of a collaborative, mission-driven team focused on sustainable supplier ecosystems and measurable client success.

Posted 4 weeks ago

5.0 - 9.0 years

0 Lacs

hyderabad, telangana

On-site

The role at KPMG in India involves being part of a professional services firm affiliated with KPMG International Limited. Since its establishment in August 1993, KPMG's professionals in India have been utilizing the global network of firms while also having a deep understanding of local laws, regulations, markets, and competition. With offices spread across various cities in India including Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara, and Vijayawada, KPMG in India offers services to both national and international clients across different sectors. The focus is on delivering rapid, performance-based, industry-focused, and technology-enabled services that demonstrate a comprehensive understanding of global and local industries, as well as a profound experience in the Indian business environment. As part of KPMG in India, you will have the opportunity to work in a dynamic environment where you can leverage your skills and expertise to serve a diverse range of clients. The firm is committed to providing equal employment opportunities and fostering an inclusive workplace where individual differences are valued and respected. Your contribution to the team will be crucial in delivering high-quality services to clients and making a positive impact on the business landscape in India. If you are looking to be part of a global network of professionals and contribute to the growth and success of clients in India, KPMG offers a platform where you can thrive and excel. Join us in our mission to provide exceptional services driven by industry insights, technological advancements, and a deep understanding of the local and global business environment.

Posted 1 month ago

3.0 - 7.0 years

0 Lacs

hyderabad, telangana

On-site

A career in Cybersecurity, Privacy and Forensics at PwC offers you the opportunity to address critical business and data protection challenges faced by clients. You will be an integral part of a dynamic team that is instrumental in driving strategic initiatives, data analytics, innovation, deals, cyber resilience, response, and technical implementations. Collaborating with top professionals in the field both at PwC and across the globe, you will contribute to the Third Party Risk Management (TPRM) team. This team is dedicated to assisting clients in evaluating, designing, implementing, and maintaining effective third-party risk programs throughout the contract lifecycle. Your role will involve assessing the controls required pre-contracting with vendors, contractors, or suppliers, as well as post-contract activities focused on ongoing monitoring. Collaborating with third parties worldwide, you will ensure the establishment of robust control environments to provide clients with assurance regarding the presence of reasonable and defensible controls. With the increasing trend of companies outsourcing and transitioning to cloud services, the demand for TPRM has surged. Your efforts will support clients in transforming their businesses, fostering trust within their ecosystems, managing risks efficiently, and establishing accountability and control in their third-party relationships. The team's focus extends to developing TPRM business plans, conducting cost-benefit analyses, defining target operating models, devising short and long-term strategies, and enhancing the overall effectiveness of TPRM programs. 
By joining this team, you will collaborate with cross-Line of Service (xLoS) professionals at PwC across various third-party risk domains, including cybersecurity, privacy, human resources, legal, technology, financial, fraud, regulatory, and industry-specific risks, to assist organizations in enhancing their TPRM programs strategically, operationally, and for long-term sustainability. To excel and thrive in a rapidly evolving world, it is essential for every individual at PwC to embody authentic and inclusive leadership qualities across all levels and service lines. The PwC Professional framework serves as a guiding light, setting clear expectations for skills required for success and advancement in careers globally. As a Senior Associate, you will collaborate with a team of problem solvers to address complex business challenges spanning from strategy formulation to execution. Your responsibilities at this level include utilizing feedback and reflection for self-awareness and personal development, delegating tasks to offer growth opportunities to others, generating innovative solutions to problems, extracting insights from current business trends using diverse tools and techniques, ensuring quality, accuracy, and relevance in your work and that of others, sharing insightful thought leadership, employing effective communication to influence others, adapting behavior to cultivate diverse relationships, and upholding the firm's ethical standards and business conduct. Responsibilities: - Supporting territory engagement teams in conducting vendor management, assessments, and managed services in alignment with reporting guidelines. - Handling multiple tasks concurrently with attention to detail and effective project management skills to manage workload and meet timelines. 
Minimum Degree(s): - Bachelor's/Master's in Information Security - Bachelor of Commerce - Relevant certifications such as ISO 27001, ISO 31000, CISA, CISSP, CSX or other applicable qualifications Knowledge Required: - Thorough understanding of information security concepts, risk and controls, and vendor onboarding processes - Proficiency in IT controls, IT risks, internal controls, and compliance - Knowledge of privacy regulations, governance frameworks, and reporting requirements Skills Required: - Proficiency in Microsoft Office suite (Word, Excel, PowerPoint, Visio, etc.) - Strong verbal and written communication skills for effective query resolution and vendor interactions - Experience in Vendor Risk Assessments, Internal Audit, External Audit, or Statutory Audit projects - Client service orientation with a focus on relationship-building.

Posted 1 month ago

5.0 - 9.0 years

0 Lacs

hyderabad, telangana

On-site

The role is with KPMG in India, a professional services firm affiliated with KPMG International Limited. KPMG has been operating in India since August 1993, with a presence in multiple cities across the country, including Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara, and Vijayawada. KPMG in India serves both national and international clients across various sectors. The professionals at KPMG leverage their global network while being well-versed in local laws, regulations, markets, and competition. The firm aims to deliver rapid, performance-based, industry-focused, and technology-enabled services, drawing on their understanding of global and local industries and their experience in the Indian business environment. As an equal opportunity employer, KPMG in India values diversity and is committed to providing a workplace where all individuals are treated with respect and dignity. The firm promotes a culture of inclusion and believes in offering equal opportunities for employment to all qualified individuals, regardless of their race, gender, religion, age, disability, or any other characteristic protected by law. If you are looking to be part of a dynamic team that values excellence, integrity, and diversity, consider joining KPMG in India.

Posted 1 month ago

4.0 - 8.0 years

0 Lacs

karnataka

On-site

You are a Cyber Security - TPRM professional with 4 to 6 years of experience in IT applications, infrastructure, risk, and cybersecurity. Your responsibilities include establishing security governance, conducting risk assessments and audits, identifying security risks, developing risk management strategies, and implementing security controls and standards. You will collaborate with the Information Security team and other stakeholders to ensure compliance with security best practices and standards. Additionally, you will develop and maintain security policies, procedures, and standards, report audit findings, and stay updated on the latest trends in information security and risk management. Being a self-starter, you can work independently and take complete ownership of your assigned objectives in a "semi-structured" environment.

Posted 1 month ago

3.0 - 7.0 years

0 Lacs

karnataka

On-site

You will be part of KPMG in India, a professional services firm affiliated with KPMG International Limited since its establishment in August 1993. Leveraging the global network of firms, our professionals are well-versed in local laws, regulations, markets, and competition. With offices spread across India in cities like Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara, and Vijayawada, we offer services to both national and international clients across various sectors. At KPMG in India, we are committed to delivering rapid, performance-based, industry-focused, and technology-enabled services. Our approach is rooted in a deep understanding of both global and local industries, combined with our extensive experience in the Indian business environment.

Posted 1 month ago

6.0 - 10.0 years

1 - 3 Lacs

Hyderabad

Work from Office

Our story: Strada is a technology-enabled, people-powered company committed to delivering world-class payroll, human capital management, and financial management solutions to organizations globally. With a team of more than 8,000 experts and over 30 years of expertise, Strada blends leading-edge technology with human ingenuity to help businesses across the globe design and deliver at scale. Supporting over 1,400 customers in 33 countries, Strada partners with customers at every stage of their journey, to help drive their vision forward. It's why we're so driven to connect passion with purpose. Our team's experience in human insights and cloud technology gives companies and employees around the world the ability to power confident decisions, for life. With a comprehensive total rewards package, continuing education and training, and tremendous potential with a growing global organization, Strada is the perfect place to put your passion to work. To learn more about us, visit stradaglobal.com ROLE: Vendor Security Risk Management RESPONSIBILITIES: Summary: The Vendor Security Risk Management Senior Associate supports the management and mitigation of security risks associated with third-party vendors. This role involves conducting risk assessments, assisting in the development of risk management strategies, and ensuring vendors comply with security policies and standards. Responsibilities • Vendor Risk Assessment: o Assist in performing security risk assessments for new and existing vendors to identify potential risks and vulnerabilities. o Document and communicate assessment findings to Vendor Security Risk Management colleagues for review. • Risk Mitigation: o Support the development and implementation of strategies to mitigate identified security risks. o Monitor corrective actions to ensure risks are effectively managed. • Continuous Monitoring: o Assist in continuous monitoring activities to regularly assess vendors’ security performance.
o Use automated tools and technologies to track and report on vendors’ compliance with security standards. • Incident Management: o At the request of the Incident Management team, support the incident management process by coordinating with vendors to understand whether a vendor was impacted by an incident and ensuring timely and effective resolution. • Compliance: o Maintain up-to-date documentation and evidence of vendors’ compliance with security requirements. o Assist with regular compliance audits and assessments to verify adherence to security policies. • Training and Awareness: o Help conduct and deliver training sessions and awareness programs for internal teams on security best practices. REQUIREMENTS: Experience: o Minimum of 6 years of experience in Vendor Risk Management. • Skills: o Excellent communication and interpersonal skills. o Analytical and problem-solving abilities. • Personal Attributes: o High level of integrity and ethical standards. o Detail-oriented and organized. o Proactive and able to work independently. o Strong commitment to continuous improvement and professional development. Required Education • Candidate must possess at least a Bachelor's/College Degree in Computer Science/Information Technology, Science & Technology or equivalent. Kindly inbox profiles to venkatesh.kosana@stradaglobal.com Benefits: We offer programs and plans for a healthy mind, body, wallet and life because it’s important our benefits care for the whole person. Options include a variety of health coverage options, wellbeing and support programs, retirement, vacation and sick leave, maternity, paternity & adoption leave, continuing education and training as well as a number of voluntary benefit options. By applying for a position with Strada, you understand that, should you be made an offer, it will be contingent on your undergoing and successfully completing a background check consistent with Strada’s employment policies.
Background checks may include some or all the following based on the nature of the position: SSN/SIN validation, education verification, employment verification, and criminal check, search against global sanctions and government watch lists, credit check, and/or drug test. You will be notified during the hiring process which checks are required by the position. Our commitment to Diversity and Inclusion Strada is committed to diversity, equity, and inclusion. We celebrate differences and believe in fostering an environment where everyone feels valued, respected, and supported. We know that diverse teams are stronger, more innovative, and more successful. At Strada, we welcome and embrace all individuals, regardless of their background, and are dedicated to creating a culture that enables every employee to thrive. Join us in building a brighter, more inclusive future. Diversity Policy Statement Strada is an Equal Employment Opportunity employer and does not discriminate against anyone based on sex, race, color, religion, creed, national origin, ancestry, age, physical or mental disability, medical condition, pregnancy, marital or domestic partner status, citizenship, military or veteran status, sexual orientation, gender, gender identity or expression, genetic information, or any other legally protected characteristics or conduct covered by federal, state or local law. In addition, we take affirmative action to employ and advance in the employment of qualified minorities, women, disabled persons, disabled veterans and other covered veterans. Strada provides reasonable accommodations to the known limitations of otherwise qualified employees and applicants for employment with disabilities and sincerely held religious beliefs, practices and observances, unless doing so would result in undue hardship. Applicants for employment may request a reasonable accommodation/modification by contacting his/her recruiter. 
Authorization to work in the Employing Country Applicants for employment in the country in which they are applying (Employing Country) must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the Employing Country and with Strada.

Posted 1 month ago

3.0 - 5.0 years

6 - 10 Lacs

Pune, Bengaluru

Hybrid

Job Role & responsibilities: Develop and maintain Security Controls relating to 3rd Party suppliers. Carry out reviews/audits/risk assessments to ensure Third Parties are compliant with in-house Security standards. Align 3rd Party security assurance to the group standards. Ensure Contracts include security schedules. Own relationships with third party suppliers and follow up on unresolved issues. Support, review and quality assure assurance Reporting and Dashboards. Assess and develop a supplier information risk tiering to rate suppliers based on criticality of services to be delivered. Engage with wider stakeholders to understand and gather supplier strategy and risk management requirements. Assess and develop a set of security requirements from the Information policy framework to be included as part of supplier contract schedules. Technical Skills, Experience & Qualification required: Experience in Third Party Risk Management. Bachelor's degree in Computer Science, Engineering, or related field. An MSc in Information Security would be desirable but is not essential. ISO 27001 Lead Auditor certification strongly preferred. In-depth experience of Security domains, architectures and issues. Information Security and/or Information Technology industry certification (CISSP, CISM or equivalent) strongly preferred. Immediate Joiners will be preferred only.

Posted 1 month ago

0.0 - 4.0 years

0 Lacs

karnataka

On-site

You will be part of KPMG in India, a professional services firm affiliated with KPMG International Limited since August 1993. Leveraging the global network of firms, you will work with professionals who are well-versed in local laws, regulations, markets, and competition. KPMG has a presence across India in cities like Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara, and Vijayawada. As a member of KPMG entities in India, you will offer services to national and international clients in various sectors. Your role will involve providing rapid, performance-based, industry-focused, and technology-enabled services that demonstrate a deep understanding of global and local industries, as well as expertise in the Indian business environment. Your responsibilities will include supporting and conducting Third-Party Risk Management (TPRM) activities while adhering to equal employment opportunity guidelines. To qualify for this position, you should have a B-Tech and MBA degree.

Posted 1 month ago

8.0 - 12.0 years

7 - 12 Lacs

Mumbai, Thane, Navi Mumbai

Work from Office

Role & responsibilities: Hands-on experience in stakeholder management that involves a high level of coordination, activity tracking, reporting progress and raising red flags. Good experience of dashboarding and preparing reports/presentations for different levels of management. Reasonable experience in managing risk and compliance projects, coordinating tech risk assessments and third-party assessments, assessing IT General Controls, understanding how to risk-score, identifying control gaps and potential risks, and recommending remediation measures. Exposure to documentation drafting and experience creating templates.

Preferred candidate profile: Excellent problem-solving skills. Attention to detail, with the ability to analyze complex issues and develop effective solutions. Strong interpersonal and communication skills, essential for collaborating with various stakeholders, presenting assessment results, and negotiating remediation actions. Ability to manage multiple tasks and deadlines. Stickler for timelines and matters of urgency. Ability to work and proactively deliver without need for reminders and follow-ups.

Posted 1 month ago

3.0 - 5.0 years

8 - 12 Lacs

Thane

Work from Office

Role & responsibilities: Develop monitoring procedures to check adherence with the regulatory norms. Develop a framework to review and check adherence with the regulatory norms. Review exceptions/deviations and provide procedural exceptions to functions in relation to regulatory norms. Coordinate with the IRDA on regulatory audits. Manage vendor management/outsourcing risk. Develop outsourcing norms as per regulatory requirements. Develop vendor evaluation criteria. Approve the outsourcing vendor as per the requirements. Conduct thematic reviews of different processes as mentioned in the Outsourcing Risk Policy and Process Manual to assess their effectiveness and efficiency, and to identify and mitigate gaps, with suggestions wherever required. Define Key Risk Indicator thresholds pertaining to outsourcing activity and monitor them at regular intervals. Prepare and circulate in a timely manner reports on third-party risk assessments/thematic reviews to the Outsourcing Committee/Risk Management Committees on a periodic basis. Develop modules and programmes for increasing awareness and provide training to risk champions and employees on ORM. Develop communication and training material for increasing awareness about ORM. Conduct training programmes.

Posted 1 month ago

8.0 - 12.0 years

8 - 12 Lacs

Pune, Maharashtra, India

On-site

As part of Deutsche Bank group, DWS aims to strategically transform itself via Project Lighthouse as a hybrid Asset Management operating platform; an ambitious project that delivers Procurement functionalities on the DB and DWS SAP applications platform. The role offers a unique opportunity to be part of a high-performing SAP Ariba Procurement transformation team implementing a strategic future-state technology landscape for DWS Corporate Functions in Finance & Procurement areas. The SAP Ariba Consultant is responsible for SAP Ariba Upstream (SLP, Sourcing, Contracts) configurations and overall landscape (incl. SLP, Sourcing, Contract, Guided Buying, CIG, interfaces for SAP Ariba supplier Network, S/4 Hana, SAP VIM, TPRM and other application solutions) support activities. The consultant must have 8+ years of relevant SAP Ariba experience. The candidate should be able to translate business requirements into system-specific functional and data specifications, which serve as the basis for technical solutions. The candidate will work as an individual contributor for the Lighthouse project activities and will also guide associates in the SAP Ariba support activities. This role serves as a specialist providing functional consulting support via solution options and design, working on SAP Ariba configurations, handling the system administrator role, working on Incidents, Service Requests and Jira changes, and creating SAP Service requests and coordinating with SAP support for Service requests and any enhancements needed in the SAP Ariba environment.

Your key responsibilities: Provide SAP Ariba functional consulting support to Business and transform business requirements into SAP Ariba system solutions. Provide solution options and work on design, SAP Ariba configurations, testing, cutover and implementation using Agile/Hybrid Agile methodology. Handle the system administrator role, working on Incidents, Service Requests and Jira changes. Create SAP Service requests and coordinate with SAP support for Service requests and any enhancements needed in the SAP Ariba environment. Develop a good understanding of the activities required to execute production management functions. Support the resolution of incidents and problems within the team. Assist with the resolution of complex incidents. Ensure that the right problem-solving techniques and processes are applied. Participate in regular meetings with stakeholders, prepare and document meetings, and track progress. Ensure policy compliance for SOX, ASG, ISP, Audit, etc.; support Application audit processes and Application controls as per Banking/asset management requirements. Collect, interpret and respond to changes in production data, as appropriate. Provide regular and reliable reporting of relevant data to meet management requirements. Understand thoroughly the end-to-end application support process and escalation procedures, and become fully conversant with all support tools that will be used to provide effective support in the relevant area (i.e. service operations). Maintain an end-to-end view of the application and infrastructure landscape. Support the collection, analysis and production of metrics on process data for KPIs to identify improvements. Identify risks and issues related to the area. Drive knowledge management across the supported applications and ensure full compliance. Drive continual service improvements. Work with team members to identify areas of focus where training may improve team performance and incident resolution.

Your skills and experience: 8+ years in SAP Ariba modules, mainly SAP Ariba SLP, Sourcing and Contracts, with integration experience (SAP Ariba downstream, S/4 Hana, SAP Business Network via CIG). Global Transaction Banking experience is a plus. Experience of supporting a Procurement applications landscape. ITIL / best practice service context. Good analytical and problem-solving skills. Ability to work in virtual teams and in matrix structures. Working knowledge of incident, Service Request and change tracking tools (i.e. Service Now, Jira etc.).

Education | Certification (Recommended): Bachelor (Engineering) Degree from an accredited college or university (or equivalent work experience). SAP Certifications in relevant SAP Ariba modules.

Technical Competencies: SAP Ariba CIG configurations & setup is a plus.

Business Competencies: Communication - Experienced; Financial Management - Basic; Industry Knowledge - Experienced; Innovation - Basic; Managing Complexity - Basic; Product Knowledge (internal & external) - Experienced; Risk Management - Basic.

Technical Competencies: Business Continuity/Disaster Recovery - Experienced; Operational Management - Experienced.

Posted 1 month ago


Featured Companies