GRC Jobs in Bengaluru

Job Title: GRC Specialist Location: Bangalore (On-site; full-time) About Locus: At Locus, we are redefining logistics decision-making with deep-tech solutions that drive efficiency, consistency, and transparency across industries like retail and FMCG/CPG. Founded in 2015 by Nishith Rastogi and Geet Garg, Locus has evolved from a women s safety geo-tracking app into a globally recognized logistics optimization platform. Our technology has empowered enterprises such as Unilever and Nestl to execute over a billion deliveries across 30+ countries. Guided by our commitment to innovation and sustainable growth, we transform complex supply chains into strategic growth enablers. Join us at Locus and be part of a team shaping the future of global logistics. Job Overview: About the Role Governance Risk and Compliance Specialist (GRC Specialist) We're looking for a candidate with 2-4 years of relevant experience. Key Responsibilities: Define, implement, and maintain the Information Security Management System (ISMS) and Privacy Information Management System (PIMS). Plan and execute periodic risk assessments. Work directly with the business units to facilitate risk assessment and risk management processes. Define, Review and Maintain the organizational information security policies, processes, procedures and control framework to ensure it is adequate to address the emerging risks due to changing environment, technology and legal requirements. Align customer and internal information security objectives to the ISMS and PIMS. Monitor and fulfill client contractual (MSA) information security and privacy obligations. Monitor and fulfill legal obligations related to protection of personal information across different jurisdictions like GDPR, CCPA. Prepare metrics based periodic reports and dashboards with support from the stakeholder functions for management review. Liaise with security vendors, suppliers, service providers and external resources for new security tools for improving security. Lead the Information Security audits / assessments / remediation and present key risks to the management. Perform the Third party Risk Assessment of Critical Vendors. Conduct Information Security and Privacy awareness and training programs for the employees as part of their induction and regular awareness. Oversee information security and privacy incident management process for incident reporting, containment, resolution and root cause analysis. Plan and coordinate BCP and DR tests. Setup guidelines for secure coding practices. Recommend security and privacy controls based on people, process and technology approach and industry best practices. Identifying solutions or writing automation scripts for solving regular tasks or optimizing processes. SOC Monitoring Activities such as. Firewall, Vulnerability, Inspector, Guarduty etc. Log Review, Incident Handling & Compliance adherence. Qualifications: Good understanding of information security compliance requirements like ISO27001, SOC2, CSA STAR and Privacy requirements like BS10012 & ISO27701. Good understanding of legal obligations towards protection of personal information across different jurisdictions like GDPR, CCPA, etc. Experience in creating and auditing security and privacy best practices and implementation of security and privacy principles across organization, to meet business goals along with customer and regulatory requirements. Experience implementing security and privacy controls for cloud platforms like AWS, Azure. Experienced in solving Audit and Regulatory Issues. Experience in auditing MDM, SSO solutions, AWS (Cloud Infra), Firewall, WAF, DLP etc. Good at solving information security compliance challenges by recommending solutions and best practices. Join Locus and become part of a visionary team that is redefining logistics through innovation and smart distribution. We provide competitive compensation, comprehensive benefits, and a collaborative environment where your expertise will drive both your growth and that of the organization. Locus is an equal opportunity employer dedicated to creating a diverse and inclusive workplace.

Cybersecurity Portfolio Manager Location: Bengaluru, India About Schneider Electric Schneider Electric is a global leader in energy management and automation, driving digital transformation for efficiency and sustainability. With a presence in over 100 countries and revenues of ~ 25 billion (FY2016), our 144,000+ employees help customers optimize their energy and processes in safe, reliable, efficient, and sustainable ways. From simple switches to advanced automation systems, our technologies reshape industries, transform cities, and enrich lives. At Schneider Electric, we believe that Life Is On. Cybersecurity at Schneider Electric Cybersecurity is a core pillar of Schneider Electric s digital strategy, ensuring secure IT/OT convergence and enabling our partners and customers to thrive in today s digital economy. Our cybersecurity efforts focus on: Strong digital governance and risk management Robust risk prevention, detection, and response strategies Protection of high-value assets Comprehensive security metrics and compliance About the Role We are seeking an experienced Cybersecurity Portfolio Manager to lead our product security initiatives within the Energy Management (EM) Central CTO Office. This role is crucial in driving transversal security strategies, aligning regulatory, technical, and business teams, and ensuring our products meet the highest security and data protection standards. You will report to the VP of Cybersecurity Innovation and Architecture and collaborate closely with product security architects, security advisors, and key stakeholders across the organization. Key Responsibilities Product Security Management: Oversee security aspects of product development and implementation, ensuring compliance with industry standards and regulations. Governance, Risk, and Compliance (GRC): Ensure adherence to security frameworks, policies, and compliance requirements. Project Management: Lead security initiatives, managing resources, timelines, and budgets effectively. Stakeholder Collaboration: Act as a bridge between technical teams, regulatory bodies, and business units to align security objectives. Documentation & Reporting: Maintain security process documentation, dashboards, and reports to track security performance and compliance. Qualifications Required: Bachelor s degree in Computer Science, Information Security, or a related field. 4 6 years of experience in cybersecurity, with a focus on product security. Strong knowledge of security principles (IT and OT), GRC, and data protection. Experience in project management and leading cross-functional teams. Excellent communication skills, with the ability to simplify complex security concepts for non-technical stakeholders. Structured, detail-oriented, and highly organized. Ability to advocate for security best practices across the organization. Familiarity with security frameworks and standards (e.g., ISO/IEC 27001, NIST). Certifications such as CISSP, CISM, or CISA (preferred). Leadership & Soft Skills Strong presentation and cross-functional collaboration skills. Ability to organize and facilitate meetings and workshops. Adaptability to shifting priorities, deadlines, and challenges. Experience working in global, matrixed organizations. Problem-solving mindset with a proactive approach to risk identification and mitigation. Self-motivated with the ability to work independently and handle multiple tasks under pressure. Join us in shaping a secure digital future at Schneider Electric! Qualification : Bachelors degree in computer science, Information Security, or a related field.

Introduction At IBM, work is more than just a job it s a calling. We are driven by innovation and a passion for solving the world s most challenging problems. Are you ready to lead in this new era of technology and collaborate with some of the brightest minds in the industry? Join us and make an impact. Your Role and Responsibilities As an OpenPages Developer within the CISO GRC Tooling Team, your work will contribute to delivering solutions that support IBM's Business Controls, Corporate Assurance, Industry Compliance, and Cybersecurity initiatives. These solutions help document SOX compliance, support internal and external auditing, and enable application security reporting. Key responsibilities include: Solution Development: Analyze requirements, design, configure, and develop solutions through the OpenPages product. Custom Code Development: Expand capabilities by writing custom code using Java and front-end technologies like JavaScript/React. Test and Support: Ensure solutions are properly tested and provide ongoing operational support to maintain high-quality performance. Compliance and Risk Management: Work as part of a Governance, Risk, and Compliance platform to manage risks, issues, and compliance reporting across IBM. Required Technical and Professional Expertise 3+ years of experience with Java, relational databases, and API development. 3+ years of experience with JavaScript. Experience with container-based deployment methodologies. Strong analytical and problem-solving skills for resolving complex business issues. Ability to translate business requirements into technical solutions effectively. Excellent communication and collaboration skills for working with cross-functional teams and stakeholders. Preferred Technical and Professional Expertise 2 years of experience with the OpenPages product. Familiarity with the Carbon Design System. Strong understanding of MVC (Model-View-Controller) and other software design patterns. Degree in Computer Science, Information Technology, or a related field. Qualification : Degree in Computer Science, Information Technology, or a related field.

Site Name: Bengaluru Luxor North Tower Posted Date: Dec 16 2024 GSK is a global biopharma company with a special purpose to unite science, technology and talent to get ahead of disease together so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns as an organization where people can thrive. Getting ahead means preventing disease as well as treating it, and we aim to impact the health of 2.5 billion people around the world over 10 years. Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves feeling welcome, valued and included. Where they can keep growing and look after their wellbeing.So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together. Key Responsibilities As a Director , R&D Tech Governance Risk and Compliance , you will be responsible for providing management and day to day support to the Senior Director for Governance, Risk & Compliance activities across the assigned business unit ensuring that Tech risks & controls from project inception to support within their business unit are identified, prioritized, effectively managed, and monitored.This role should work within the business unit to ensure Tech follows the required internal and external compliance standards and delivers a reduction in the overall risk profile for our customers. The primary responsibility of this position will be supporting R&D Tech. Additionally, this role will serve as the Bangalore site lead and play an active role in managing site-specific activities and HR related processes for GRC staff based in Bangalore GCC office. This role will provide YOU the opportunity to lead key activities to progress YOUR career. The role encompasses the following responsibilities: Risk and Compliance Consultancy on strategic programs Facilitate and approve Risk & Compliance Assessments Management and monitoring of CAPAs, Risks, Exceptions, ABAC, and Findings Contribute to the facilitation of functional Risk Management and Compliance Boards (RMCB) Partner with Business Quality Assurance teams for GxP compliance Support Internal / External audits including Audit Readiness activities Provide GRC support and oversight during application development and maintenance Software Change Management Oversight for GxP regulated applications Authorize systems releases Lead and motivate team of GRC manager and specialists Risk Management Contribute to identification and initiation of Risk mitigation projects to address significant risks impacting a Business unit, using Risk and Compliance assessments Facilitate risk identification and risk discussions within the business unit, both operational risk, product/project and strategic risk Assist Tech Business Unit management to make risk informed decisions through a comprehensive Risk Dashboard Raise and approve (where necessary) Policy Exceptions and significant Risks through the GSK integrated risk management tool (i.e., Archer). Input into, review and enforce compliance within Tech Policies and Standards as required within Business Unit Ensure emerging risks are identified and escalated appropriately and in a timely manner Support Product owners in the management of their project risks, ensuring risk identification process is embedded and operational Ensure awareness of security incident response process and report suspected security breach Partner with other GRC and Security staff to deliver a continuous training and education program to ensure ongoing awareness on new and updated Policies and Standards within their Business Unit. Governance & Compliance: Contribute to maintenance of the Business Unit delivery and operational frameworks (Activities, deliverables, roles and responsibilities) and ensure alignment to DTMS Monitor deliverable quality, ensure quality standards are being met for products/ projects, programs or operations within their remit, following a risk based approach, according to DTMS, risk and compliance assessments, and local SOPs. Contribute to providing Project Quality assurance oversight depending on the specific project risk profile, including specific assurance reviews as requested by stakeholders Ensure Business Unit activities align with Regulatory requirements and liaise with Business Quality Groups to contribute to the overall GxP validation status of the business facing application systems or services Contribute to ensuring Business Unit is keeping up with regulatory and legal requirements through a pro-active knowledge management program Quality assurance over the system change control within the Business Unit Supporting Product teams to maximize their velocity by right sizing their governance approach Audit Support Contribute to ensuring Business Unit is ready to host external inspections from regulatory bodies (i.e., FDA, EMEA, tax authorities) as well as external and internal auditors. Support management of overall Business Unit inspection readiness activities and CAPAs in liaison with the business Report status on CAPA s to Business Unit RMCB Information Policy Formation Work with the GRC GxP lead/Controls owners and DTMS team to review and approve the policy, standards, procedures, guidance and training for compliance with relevant legislation and GSK Requirements. Support reviews of the information systems for compliance with legislation and specifies any required changes within their Business Unit Support the GRC Director to implement policies, standards and procedures with aligned Tech Business GRC Consulting Support various GRC planned or remediation activities consulting with BU Tech staff to deliver Support implementation of relevant Management monitoring prog...

Architect - Cyber Security | Bengaluru, India Location: Bangalore (Bengaluru) Experience: 12 to 20 Years Industry: IT Security / Cybersecurity Architecture Job Summary: We are looking for a seasoned Cyber Security Architect with over 12 years of experience designing and managing security architectures across multiple industries. The ideal candidate will bring strong expertise in secure design principles, SSDLC implementation, and cloud security especially within Azure environments. Key Responsibilities: Lead the development and management of enterprise-wide security architectures for global, multinational organizations Participate in Security Architecture Review Boards and drive secure coding practices along with Software Security Development Life Cycle (SSDLC) implementation Develop and enforce secure design principles and security standards across platforms Create and maintain current and future state architecture diagrams, supporting the technical roadmap with a comprehensive understanding of the technology market Deliver security solution architectures aligned with the enterprise architecture framework Provide expert guidance on securing multi-tenant cloud environments, with a focus on Microsoft Azure Collaborate with cross-functional teams to align security strategies with business goals and compliance requirements Required Skills & Qualifications: Minimum 12+ years of experience in security architecture across at least two different industries, preferably including cloud service providers Proven track record with security architecture development and governance in large-scale multinational companies Experience with secure coding, SSDLC, and security architecture review processes Strong proficiency in cloud security architecture, especially Azure multi-tenant environments Bachelor s or Master s degree in Information Security, Computer Science, or related field Must hold CISSP certification (Certified Information Systems Security Professional) Experience with architecture certification such as CISSP-ISSAP is highly preferred Additional certifications or memberships in SANS, ISACA, or similar cybersecurity organizations are a plus Azure Architecture or Azure Security certifications highly desirable Lead cybersecurity architecture in a global, dynamic enterprise environment Work with cutting-edge cloud technologies and secure multi-cloud ecosystems Grow professionally with access to industry-leading certifications and training Influence enterprise security strategy at the highest level Qualification : Bachelors or Masters degree in Information Security, Computer Science, or related field

Location: Bengaluru Designation: Assistant Manager Entity: Deloitte Unleash Your Potential with Deloitte India's impact on the global economy has skyrocketed, and at Deloitte, we offer you an opportunity to unlock your potential by working alongside leaders and organizations that are shaping the future, both in the region and beyond. At Deloitte, we celebrate the whole you. Join us, and you ll be part of a team driven to make an impact that matters by collaborating, innovating, and growing together. About the Team The Technology & Transformation team is about more than just numbers. It s about building upon past achievements, addressing current challenges, and laying the foundation for future success. At Deloitte, we help organizations navigate change, ensuring they stay ahead of the curve. Learn more about the Technology & Transformation Practice. Your Role and Responsibilities As an Assistant Manager (AM) in our Cyber Team, you'll play a key role in building and maintaining positive relationships with both internal teams and clients. Your main goal will be to exceed client expectations and ensure their security and privacy needs are met. Key responsibilities include: Security and Privacy Expertise: Apply knowledge in security and privacy domains such as governance, risk management, compliance, access control, security architecture, incident response, disaster recovery, business continuity, data protection, etc. Industry Standards: Leverage frameworks and standards such as PCI-DSS, ISO/IEC 27001, ISO/IEC 17799, COBIT, ITIL, and others. Risk Management: Demonstrate a deep understanding of security controls and risk management processes. Certifications: Preferably hold certifications like CEH, CISSP, CISA, ISO 27001, ISO 22301, or equivalent. Information Security Management: Assist in ISO 27001-based Information Security Management System (ISMS) implementation and maintenance. Assessing and Improving Security Posture: Evaluate client information security posture, identify risks, and develop solutions to close gaps. Information Security Controls: Review and implement security controls across various areas such as change management, incident management, access management, antivirus management, physical security, etc. Data Privacy: Advise clients on data privacy and information security topics like data leakage prevention and identity management. Client Guidance: Serve as a subject matter expert in security and privacy, supporting clients in developing frameworks and implementing solutions. Audits & Reviews: Conduct information systems audits covering IT infrastructure and advise on best practices for data protection. Desired Qualifications Educational Background: Degree in IT, Computer Science, or related fields. Certifications: PCI-DSS, ISO 27001, ISO 31000, ISO 22301, CISA, ITIL, or equivalent certifications preferred. Other Certifications: CISSP, CEH, GSEC, GCIH, LPT, CCSK, etc. are a plus. Location and Work Style Base Location: Bengaluru Travel: This role involves occasional or frequent travel to client locations. Hybrid Work: Deloitte s default work style is hybrid, tailored to the needs of each domain. Key Expectations for the AM Role As an Assistant Manager at Deloitte, you ll be expected to embrace and live our purpose. You should challenge yourself to identify key issues that matter to clients, your team, and society. Specifically, we expect our AMs to: Inspire and Lead: Lead with integrity, inclusivity, and motivation. Create Purpose: Help shape a vision and purpose that drives positive change. Be Agile: Deliver high-quality results through collaboration and teamwork. Build Diverse Capabilities: Develop and support future capabilities within the team. Influence & Persuade: Ability to influence stakeholders and drive decisions. Collaborate for Solutions: Work together to create new solutions for clients. Drive Value: Leverage business acumen to deliver client value. Expand Business: Spot and leverage new business opportunities. Analytical Thinking: Use data and analytics to inform decisions and recommend impactful solutions. Communication: Effectively communicate and structure ideas for win-win outcomes. Engagement Management: Manage engagements to ensure timely execution and quality results. Adapt to Change: Respond resiliently to changing environments and needs. Manage Quality & Risk: Ensure high-quality results while mitigating risks. Strategic Problem Solving: Apply strategic thinking to solve complex business challenges. Tech Savvy: Use ethical technology practices to create high-impact solutions. Empathy & Inclusion: Foster a safe, inclusive environment where everyone is valued. Growth at Deloitte Connect for Impact: Work alongside exceptional professionals solving complex global issues and making a positive impact on the community, society, and the planet. Empower to Lead: Regardless of your career level, you ll have opportunities to inspire, support, and grow both professionally and personally. Inclusion for All: We value diversity and inclusivity in everything we do. At Deloitte, we are committed to creating a culture where everyone feels respected, valued, and empowered. Drive Your Career: You have the autonomy to shape your career path. With global mobility, cross-business opportunities, and continuous upskilling, you can chart a fulfilling career journey. A Culture of Wellbeing At Deloitte, we prioritize your 360-degree wellbeing. Our workspaces and initiatives cater to your unique needs, including flexibility, accessibility, safety, and support for caregiving. Join us for a workplace where you can thrive. Your Next Step: Unleash Your Potential at Deloitte! Qualification : Degree in IT, Computer Science, or related fields.

Infosec Lead Experience: 5-7 Years | Location: Bengaluru About Gameskraft: Founded in 2017, Gameskraft is one of India s fastest-growing online gaming companies. Our mission is to build a safe, secure, and responsible gaming ecosystem while delivering unmatched experiences through innovation and technology. As the industry s only ISO 27001 and ISO 9001 certified company, we set the highest benchmarks in security, design, and performance. Job Summary: We are seeking an experienced Infosec Lead to drive our security strategy, ensuring robust web security, application security, and compliance across the organization. You will be responsible for leading a team of security professionals, implementing best-in-class security measures, and ensuring compliance with industry regulations such as HIPAA, PCI-DSS, ISO, and GDPR. Key Responsibilities: Security Strategy & Program Management: Develop, implement, and maintain a comprehensive security program to safeguard company assets, systems, and data. Collaborate with cross-functional teams to integrate security into product development and business operations. Conduct risk assessments and vulnerability analyses to identify and mitigate security threats. Compliance & Regulatory Adherence: Ensure compliance with HIPAA, PCI-DSS, ISO, GDPR, and other relevant security frameworks. Maintain security certifications and drive adherence to regulatory standards. Develop and enforce security policies, standards, and procedures. Incident Response & Risk Management: Lead incident response efforts, including investigation, containment, and remediation. Continuously monitor security threats, emerging trends, and vulnerabilities to strengthen cyber resilience. Provide security guidance and risk analysis during product launches and infrastructure changes. Team Leadership & Stakeholder Collaboration: Lead and mentor a team of security professionals, fostering a culture of security awareness across the organization. Work closely with engineering, IT, legal, and business teams to embed security best practices. Present regular security reports and key performance metrics to senior management. What You Bring to the Table: Education: Bachelor s or Master s degree in Computer Science, Information Security, or a related field. Experience: 5-7 years of experience in information security, with a strong focus on web security, application security, and compliance. Proven track record in leading security teams and managing enterprise security programs. Technical Expertise: Strong knowledge of security technologies such as firewalls, IDS/IPS, SIEM, encryption, authentication protocols, and penetration testing tools. Experience with cloud security (AWS, Azure, GCP) and DevSecOps methodologies. Familiarity with secure coding practices and application security frameworks (OWASP, NIST, CIS Controls). Hands-on expertise in risk assessment, vulnerability management, and security architecture design. Certifications (Preferred): CISSP, CISM, CISA, CEH, or equivalent industry-recognized security certifications. Soft Skills & Leadership: Strong analytical and problem-solving skills. Excellent communication and stakeholder management abilities. Ability to influence and drive security initiatives across multiple teams. Work Culture at Gameskraft: Startup Environment: Fast-paced, ownership-driven culture where innovation and agility thrive. Impactful Work: Direct contribution to securing one of India s largest gaming platforms. Collaboration: Work alongside some of the best minds in the gaming and consumer internet industry. Data-Driven: Leverage analytics to enhance security posture and decision-making. Compensation & Benefits: Attractive Compensation & ESOPs Competitive salary with equity options. Health Insurance 5 Lakh medical cover for you and your family. Car Lease Policy Exclusive leasing options for employees. Relocation Benefits Assistance with moving to Bengaluru. Free Lunch & Stocked Pantries Enjoy great food while you work! Performance-Based Growth Transparent appraisals and rapid career progression. Join Us & Secure the Future of Gaming! If you re passionate about cybersecurity, risk management, and building secure digital ecosystems, we d love to have you on board. Apply now and be part of an exciting journey at Gameskraft! Qualification : Bachelors or Masters degree in Computer Science, Information Security, or a related field.

Description At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com/. Johnson & Johnson is recruiting for some great opportunities for its Global Services (GS) in Bangalore, India which is well equipped with the latest technology and modern infrastructure. This is your chance to work with the best talent in a workforce that reflects the diverse markets Johnson & Johnson serves around the world, and an inclusive culture that values different perspectives and life experiences. Reimagine the possibilities at Johnson and Johnson Global Finance! We live this motto every day by creating exciting business solutions for the world s largest and most broadly-based healthcare company. As a member of our Global Finance team, you will have exclusive access to a network of financial professionals located in over 60 countries. This new network will help you build on your current skills and explore opportunities to grow your career in J&J. At J&J Global Finance, we value ideas for innovation and improvement and are committed to diversity and inclusion. Together we will reinvent business processes to become more effective, more efficient, and improve customer experience. We are proud to be an equal opportunity employer. The Global Services Finance organization provides best-in-class, cost-effective financial services, and compliance support in a J&J way to our Operating Companies around the world. Risk Management & Compliance (RM&C) is one of such initiative under Global Services Finance. RM&C, ASPAC is seeking a Risk Management & Compliance Analyst who will have responsibility for fulfilment of the SOX and Compliance programs across J&J entities, training and advisory along with all Compliance related support to different sectors and performing walkthroughs, sampling, testing the effectiveness of control deployment, documentation of testing results, remediation support, monitoring, audit support, project support etc. Key Responsibilities 1. Be compliant with applicable laws and regulations, and follow guidelines in the J&J Credo 2. Maintain Operational Excellence Deep expertise and knowledge of the Worldwide Procedures and compliance requirements for respective areas. Identify compliance risks and recommend solutions to remediate / prevent breach. Ensure strong internal controls are in place and maintain compliant environment across the Organisation. Responsible for performing Compliance Health Checks and other internal reviews to test the effectiveness of the control placement. Support timely closing & execution of financial periods as per closing calendar and in accordance with SLA commitments, fully observing Compliance, Internal Audit & SOX requirements. Accountable for supporting completeness, accuracy and validity of the actuals reported within process/entity scope. Work closely with all business process and IT team members to communicate compliance requirements, documentation standards, sign-offs and review processes. Provide trainings to all business process owners for any change/update in financial procedures. Support projects, business partnering with collaborators, assisting business process owners with adoption of J&J policies & procedures. Support in standard Compliance document requirements: Risk Control Matrix, Hand-off s, SOPs and submission of required SOX templates (system inventory templates, SOX questionnaires etc.). Performs control walkthrough, operational testing and discusses the findings with the process owners. Conduct compliance due diligence for transitions in-scope. Testing of preventive & detective UA/SOD Controls (e.g. granting, facilitating appropriateness & semi-annual reviews) across all ERP systems. Support Sectors during Corporate Financial Audits. Supervise and drive the Corrective Action Plan (CAP) process, to ensure audit(internal & external) recommendations and key control gaps per SOX testing are implemented and other internal control gaps are closed timely and effectively. Be A Trusted Business Partner Implement global Strategy & Solutions in line with taxonomy. Support Process Subject Matter Experts (SME's) and Operational Key Contacts (OKC's) to ensure cross sector, cross region, and cross process alignment, ensuring good documentation is maintained and consistency of a global approach Create radical Innovation Generate ideas, fosters, and implements continuous improvement attitude, identifying and pursuing process efficiency opportunities. Manage operational improvements, generating ideas and implementing in line with global standards. Qualifications Qualifications Education A minimum of a Bachelor s level degree or equivalent is required, preferably in accounting, finance, or related business subject area. ACA, CPA and/or other financial certifications is highly preferred. Required At least 1 - 3 years of post qualification experience is required: Strong knowledge and understanding of accounting and financial processes (for Trading as well as Manufacturing business), shared services and related subject matter Understanding of internal controls, risk management, US GAAP accounting, financial systems, IT development and/or production support Clear understanding of SOX 404 requirements Understanding of audit procedures and auditing practices Experience in developing and managing audit programs desirable Experience in performing audits of financial processes and systems required, preferably in manufacturing/trading/service industry At least 1 year Management / Supervisory / team handling experience i...

Audit Analyst II - IT Audit & Compliance Location: Bangalore, Karnataka Full Time Experience: 3-4 Years Work Environment: Work from Office (Occasional travel required) About the Team & Role: We are seeking a motivated and detail-oriented IT Audit Analyst to join our Audit & Compliance team. This role involves planning, executing, and reporting on IT audits across various domains, including IT infrastructure, cloud environments, SaaS applications, and compliance frameworks like ISO 27001, ISO 27701, and PCI DSS. The successful candidate will evaluate IT controls, identify risks, and recommend practical solutions to improve the organization's IT governance, risk management, and control environment. You will work independently on moderately complex audits and assist senior auditors on larger engagements. Key Responsibilities: Audit Planning & Execution: Assist in the development of risk-based IT audit plans. Plan and execute audits covering infrastructure, cloud services (AWS), and SaaS applications. Develop audit programs and testing procedures to evaluate IT controls. Compliance & Framework Audits: Conduct audits against IT security and privacy frameworks, including ISO 27001 (Information Security), ISO 27701 (Privacy Information), and PCI DSS (Payment Card Industry Data Security Standard). Risk Assessment & Analysis: Identify IT risks and control weaknesses during audits. Analyze findings and assess potential business impacts. Evaluate risk mitigation strategies. Reporting & Communication: Document audit work, prepare draft reports with findings and recommendations, and communicate results to management and stakeholders. Collaboration & Improvement: Collaborate with IT teams, business units, and external auditors. Stay up-to-date with emerging technologies, IT security threats, and audit methodologies. Contribute to continuous improvement efforts for the audit function. Qualities We re Looking For: Education & Experience: Education: Bachelor s degree in Information Systems, Computer Science, Cybersecurity, Business Administration, or related field. Experience: 3-4 years of progressive experience in IT Audit, Information Security, IT Risk Management, or a related field. Technical Skills: Strong understanding of IT infrastructure components (networks, operating systems, databases, servers, virtualization). Solid knowledge of cloud computing, specifically auditing cloud environments (AWS focus). Experience auditing SaaS solutions and assessing third-party/vendor risk management. Knowledge of IT general controls (ITGCs) and application controls. Framework & Standard Knowledge: Demonstrated experience with ISO 27001, ISO 27701, and PCI DSS standards. Familiarity with other frameworks such as NIST Cybersecurity, COBIT, and SOX ITGCs is a plus. Audit Skills: Proficiency in IT audit methodologies, risk assessment techniques, and control testing procedures. Strong analytical, problem-solving, and critical-thinking skills. Excellent written and verbal communication skills, with the ability to articulate technical issues to both technical and non-technical audiences. Attention to detail and ability to manage multiple tasks and deadlines. Proficiency with Microsoft Office Suite. Certifications & Tools: Professional certifications such as CISA, CISSP, CISM, CRISC, AWS Certified Security Specialty or similar are highly desirable. Experience with GRC (Governance, Risk, Compliance) tools. Experience with data analysis tools like ACL, IDEA, or Excel PowerQuery/Pivot. Joining our team means becoming part of a dedicated, high-performing group focused on IT governance, risk management, and compliance. As an IT Audit Analyst, you'll have the opportunity to work on exciting, challenging audits, develop your skills, and contribute to continuous improvement initiatives. We offer a collaborative and innovative environment where you can grow professionally while making an impact on the organization s success. Equal Employment Opportunity: We are an Equal Employment Opportunity employer. We do not discriminate based on race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. Qualification : Bachelors degree in Information Systems, Computer Science, Cybersecurity, Business Administration, or related field.

Job Title: IMPO UAM Authorization Analyst Location: Bengaluru, India Unit: Johnson & Johnson Innovative Medicine Principal Operations (IMPO) Job Type: Full-Time Employment Type: Permanent About Johnson & Johnson: At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, profoundly impacting health for humanity. Role Purpose: The IMPO UAM Authorization Analyst role at Johnson & Johnson is responsible for enhancing user access security and compliance within global SAP S/4 systems, while driving key User Access Management (UAM) initiatives. This role supports business adaptation through SAP S/4 HANA implementation, focusing on core SAP Manufacturing, Order to Cash, Procure to Pay, and Finance processes. The position is part of the IMUAM team, ensuring security requirements are designed and implemented compliantly within the Transcend Program, a global initiative for business transformation. Key Responsibilities: Security Workshops & Role Design: Lead security workshops to gather business and compliance requirements for role design, ensuring validation post-build for S/4 HANA Roles and Authorization requirements. UAM Strategy Development: Develop UAM strategies involving composite roles, Fiori tiles, business roles/user personas, and data security/UI masking concepts for S/4HANA. Data Validation & Compliance Documentation: Perform data validation, conduct health checks, and provide compliance documentation to ensure proper security implementation. Role Design & Testing: Design, test, and implement rule sets for SAP S/4HANA role design, ensuring they align with security protocols. User Account Setup & Support: Support role data and user account setup. Provide advice on role design testing and coordinate business UAT activities. Authorization Defects Management: Manage authorization defects and provide support for user cutover and Hypercare activities during and post-implementation. Collaboration & Training: Work closely with the Business Adaptation team to facilitate training, communication, and readiness across regions. Assist in transitioning between project phases and operational support teams. Compliance & Security Audits: Ensure compliance with internal and external standards through regular SAP security assessments and audits. Issue Troubleshooting & Resolution: Troubleshoot and resolve complex SAP security issues to maintain a secure environment. Documentation Management: Develop and maintain comprehensive documentation for SAP security policies, procedures, and configurations. Mentorship & Team Development: Train and mentor junior team members, promoting the implementation of SAP security standard processes. Qualifications: Required: Educational Background: Bachelor s degree in a relevant field (preferably Risk Management, Compliance, Audit). Experience: 6-8 years of experience in UAM within an enterprise risk management framework. Demonstrated expertise in SAP GRC Access Control and Identity Management tools. Hands-on experience with end-to-end SAP S/4HANA implementation, including Fiori. Deep knowledge of SAP authorization concepts, Segregation of Duties (SoD) mitigation, and remediation strategies. Proficiency in risk matrix/rule set maintenance, data analysis, conversion, and migration. Tools & Platforms: Experience with teamwork platforms (e.g., Confluence, Jira, MS Teams). Project Management: Strong project management and collaboration skills with experience in remote and virtual environments. Language Skills: Fluent in English with outstanding oral and written communication skills. Additional Experience: Experience in the pharmaceutical domain is a plus. Preferred: Industry Experience: Experience in Life Sciences, Pharmaceuticals, or similar industries. Leadership & Innovation: Demonstrated leadership skills with the ability to embrace innovation and promote a culture of continuous improvement. Project Management: Previous experience in a PMO role managing large-scale SAP implementation projects. Cross-Cultural Team Collaboration: Ability to work effectively with team members from different cultural and technical backgrounds. Other Requirements: Hybrid Work: Ability to work on-site a minimum of three days per week, with up to two remote workdays based on the flexible work policy. Travel: May require up to 10% domestic and/or international travel. Diversity & Inclusion: Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. We are committed to fostering an inclusive and diverse work environment, and we encourage applicants from all backgrounds to apply. We value diversity and do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, age, national origin, or veteran status. Qualification : Bachelors degree in a relevant field, with a preference for studies in Risk Management, Compliance, and Audit.

Location: Bengaluru (Land of startups, street food, and tech sorcery) Region: IN (aka Incredible India ) Your Mission (Should You Choose to Accept) We re on the hunt for a Data Defender Extraordinaire who knows their way around DLP (Data Loss Prevention) tools like a wizard with their spellbook. Your daily grind? Guarding sensitive data like it s the last slice of pizza at a party. Intrigued? Read on! What You'll Be Juggling Spot the weak spots assess, predict, and eliminate risks lurking in the DLP universe. Play DLP DJ fine-tune policies, tweak settings, and generate reports that even Sherlock would envy. Be the first responder to DLP alarms, acting faster than your favorite food delivery app. Team up with data owners, legal, and compliance crews because data protection is a team sport. Stay thirsty for knowledge keep your data defense skills sharp and shiny. Continuously polish DLP workflows innovation doesn t sleep, and neither do threats. Tinker with tools troubleshoot, upgrade, and experiment with new DLP features like a mad scientist. Brainstorm like a boss find smarter ways to shield data and improve our security fortress. Identify sneaky gaps and plug them with creative solutions (your inner detective will love this). Rethink risk scores like a pro because risk is rarely a static creature. Support the incident response squad from escalations to triage, you ve got their backs. Suggest clever ways to uncover hidden sensitive data because secrets love hiding in plain sight. Partner with legal eagles & compliance gurus to keep our data playbook always regulation-ready. Research like a lone wolf and solve tech puzzles solo when needed (self-starter vibes are welcome). Who We re Looking For 5+ years fighting the good fight in InfoSec, especially around Governance, Risk & Compliance (GRC). DLP veteran you ve configured, deployed, troubleshot, and reported your way through multiple tools. Natural leader either as a subject matter expert or a hands-on lead. Analytical ninja you can spot security puzzles no one else can and know exactly when to hit the panic button. Fluent in Windows & Mac (bonus points if you speak Linux too). Words matter you can write a killer email and explain technical gobbledygook to non-tech folks without breaking a sweat. Bonus superpower: Integrity. We want someone who does the right thing, even when no one s looking. In short: If you can talk DLP like a pro, think like a hacker (but stay on the good side), and communicate like a TED speaker we should probably talk.

Job Title: Security Architect Identity & Access Management Location: Bengaluru, India Company: Blue Yonder Experience: 10+ years (including at least 5+ years in IAM) Education: Bachelor's or Master's degree in Cybersecurity, Computer Science, or related field About Blue Yonder Blue Yonder is a recognized leader in AI-driven supply chain solutions, trusted by global brands to optimize their digital commerce and supply chain operations. We thrive on innovation, collaboration, and creating technology that powers smarter supply chains. As we continue to strengthen our security posture, we are seeking a Security Architect IAM to own, evolve, and safeguard Blue Yonder s identity landscape, ensuring consistent and compliant IAM controls across the organization s global footprint. Role Scope The Security Architect IAM will play a strategic and hands-on role in defining, implementing, and managing end-to-end identity and access management capabilities for Blue Yonder. This role requires deep technical expertise, leadership acumen, and a strong understanding of cloud-based identity ecosystems, ensuring secure access to critical systems and data. Key Responsibilities Define, develop, and manage a comprehensive IAM strategy, aligned with Blue Yonder s business goals, security policies, and compliance mandates. Design, implement, and enhance authentication, authorization, identity provisioning, access governance, and privileged access management (PAM) solutions, adopting best practices and industry standards. Conduct risk assessments to identify IAM vulnerabilities and define risk mitigation plans. Lead the technical implementation of IAM solutions and provide ongoing oversight to ensure operational excellence. Develop and enforce IAM policies, procedures, and standards to foster consistent security across the enterprise. Ensure IAM solutions adhere to regulatory requirements (GDPR, HIPAA, PCI DSS, SOX) and align with frameworks like NIST-CSF and ISO/IEC 27001. Integrate IAM capabilities with other security solutions (SIEM, endpoint security, etc.) for comprehensive protection. Establish and track Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for the IAM program. Stay updated with emerging threats, technology advancements, and industry trends, adapting the IAM strategy accordingly. Conduct maturity assessments and develop continuous improvement plans for the IAM service. Participate in security architecture reviews and work with enterprise architects to embed IAM controls into broader IT and product architecture. Partner with GRC teams to ensure all IAM-related risks are properly documented and managed, driving remediation where necessary. Collaborate with application development teams to ensure secure-by-design development and deployment of new applications. Required Qualifications & Experience 10+ years of overall cybersecurity experience, with at least 5+ years specifically focused on IAM. Strong background designing and implementing cloud-based IAM solutions (Azure AD, AWS IAM, GCP IAM). Proven expertise across: Active Directory, LDAP, SSO, MFA SAML, OAuth, OpenID Connect Privileged Access Management (PAM) and Identity Governance (IGA) Experience managing IAM programs across hybrid environments (on-prem & cloud). Strong understanding of: Secrets management, encryption, PKI, digital certificates Zero Trust Security models Experience identifying, analyzing, and remediating IAM-related security risks. Knowledge of regulatory requirements (GDPR, HIPAA, SOX, PCI DSS) and experience translating those into practical IAM controls. Demonstrated ability to lead complex IAM projects, collaborating across multiple business units and technical teams. Excellent communication and stakeholder management skills, capable of interacting with both technical teams and business leadership. Preferred Certifications CISM Certified Information Security Manager CISSP Certified Information Systems Security Professional Relevant Cloud Security certifications (Azure Security Engineer, AWS Security Specialty, GCP Security Engineer) Good to Have Skills Experience integrating IAM with: CI/CD pipelines and DevSecOps practices Containerized environments (Kubernetes, Docker) Exposure to distributed tracing and logging tools for IAM services. Experience automating IAM processes for provisioning, deprovisioning, and audit reporting. Be a part of a global leader in supply chain technology. Work on cutting-edge IAM technologies in a cloud-first environment. Partner with cross-functional teams to drive impactful security programs. Join a culture that values diversity, innovation, and continuous learning. Diversity & Inclusion at Blue Yonder At Blue Yonder, we celebrate diversity in all forms. Our DIVE (Diversity, Inclusion, Value & Equity) strategy ensures every associate feels included, respected, and empowered to bring their authentic self to work. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, disability, or veteran status. Qualification : Bachelor's or Master's degree in Cybersecurity, Computer Science, or related field

Our Mission 6sense is revolutionizing how B2B organizations generate revenue by predicting customers most likely to buy and recommending the best ways to engage with anonymous buying teams. Through Revenue AI, we unlock the ability to create, manage, and convert high-quality pipelines into revenue, reshaping how businesses thrive. Our People At 6sense, people are at the core of our mission. Guided by our values Accountability, Growth Mindset, Integrity, Fun, and One Team we foster an environment where innovation and impact are celebrated. Every team member plays a key role in shaping our industry-leading technology, making 6sense a place for risk-takers and difference-makers who measure success by the value they deliver to customers. Purpose of the Role As part of the Security Operations and Threat Management team, you will help protect 6sense by proactively preventing, detecting, investigating, and responding to security threats and incidents that may impact the business. Key Responsibilities Incident Response & Monitoring: Monitor security alerts, conduct vulnerability assessments, and analyze logs to identify and respond to security incidents. Collaborate with cross-functional teams (Infrastructure, Engineering, IT, GRC, Cloud, and Application Security) to validate alerts and resolve incidents. Threat Landscape Analysis: Perform proactive reviews to assess and address potential security risks. Continuously tune detection rules in security solutions to adapt to evolving threats. Automation & Tool Administration: Manage security tools and develop basic automation for improved efficiency. Identify and implement opportunities for process automation to enhance security operations. Documentation & Playbooks: Create and maintain a security playbook for various threat scenarios. Keep documentation, runbooks, workflows, and dashboards up to date. Performance & Objectives: Align with quarterly Key Results that support team Objectives (OKRs). Participate in the Security Operations on-call rotation to ensure prompt responses. Performance Metrics Proficient understanding of the 6sense product and platform. Participation in regular 1:1s with managers and monthly skip-level meetings. Efficient identification and closure of incidents within established SLAs. Maintenance of accurate, up-to-date documentation and proactive engagement with SecOps technologies. Educational & Experience Requirements Experience: 4+ years in a Security Operations role or similar position. Hands-on experience with security tools and cloud environments (e.g., Vulnerability Scanners, SIEM, SOAR, AWS). Knowledge: Familiarity with industry frameworks, regulations, and standards, including MITRE ATT&CK, STRIDE, ISO 27001, GDPR, SOC 2, PCI, and NIST. Understanding of AI applications in cybersecurity (preferred). Qualifications: Bachelor's degree in a related field. Relevant certifications, such as CSA, GCDA, GSOC, or CySA, are advantageous. Benefits At 6sense, we offer: Comprehensive health coverage. Paid parental leave. Generous paid time off and holidays. Quarterly self-care days off to prioritize well-being. Stock options to share in the company s success. Support and equipment to work from home or one of our offices. Join us to make an impact in the evolving cybersecurity landscape, empowering organizations to grow revenue through innovation and resilience. Qualification : Bachelor's degree in a related field

Responsibilities: B2B Sales & Account Management: Lead sales efforts in the B2B space, managing key accounts and consistently meeting or exceeding sales targets. Compliance Knowledge: Possess a strong understanding of the compliance landscape in India, particularly within the GRC sector. Software Expertise: Deep knowledge of software products in the GRC area, including technical details and market positioning. Solution Development: Gather customer or prospect requirements, develop tailored solutions and proofs of concept that align with their needs. Communication & Presentations: Deliver compelling presentations to multiple audiences, articulating complex concepts and clearly communicating solution benefits tailored to each prospect. Strategic Thinking: Use active listening and strategic thinking to solve complex problems, ensuring customer satisfaction and fostering long-term relationships. Cross-functional Collaboration: Work closely with marketing, product, and technology teams to develop unified strategies and drive the product roadmap. Customer & Partner Relationships: Build and maintain relationships with customers and partners, particularly at the management level, to drive ongoing success. Business Travel: Comfortably manage sustained business travel as required to meet with customers and partners. Thought Leadership: Produce thought leadership content, including organizing and participating in roundtables, events, webinars, and internal enablement. Product Insights: Collaborate with cross-functional teams to shape the product roadmap based on customer feedback and help remove barriers to product adoption. Qualifications: Experience: 5+ years in sales, account management, customer success, or consulting with a focus on the GRC space. Skills: Strong understanding of the compliance landscape in India. Expertise in GRC software products, technical aspects, and market positioning. Exceptional communication, presentation, and problem-solving skills. Strategic thinking, with the ability to drive solutions across teams. Experience managing relationships at the management level. Ability to produce thought leadership content. Education: A degree in Business, Technology, or a related field. Additional certifications in GRC or compliance are a plus. Qualification : Qualified Company Secretary / Legal Professional

Responsibilities: Regulatory Decoding & Analysis: Decode and interpret RBI, SEBI, and other regulatory circulars and notifications to ensure compliance with relevant legal frameworks. Compliance Checklist Preparation: Prepare and maintain comprehensive compliance checklists for various laws, including corporate, labour, HR, EHS, and taxation, ensuring regular updates based on changing regulations. Compliance Audits & Gap Assessments: Plan and execute compliance audits and gap assessments for various clients, ensuring they meet regulatory and legal requirements. Client Consulting: Provide compliance consulting services to clients in areas such as corporate governance, taxation, HR, labour laws, and industrial relations laws. Industry-Specific Compliance: Understand and advise clients on location-wise and industry-specific compliance requirements, supporting the implementation of compliance programs. Regulatory Updates & Impact Analysis: Keep clients informed about changes in the regulatory regime and assess the impact of these changes on their operations. Content Review & Newsletter Preparation: Review content libraries related to compliance checklists, prepare newsletters on recent legislative updates, notifications, circulars, and regulations, and create blogs on compliance-related topics. GRC Platform Support & Implementation: Work closely with the Product & Implementation teams for the successful implementation of Governance, Risk, and Compliance (GRC) platforms, including testing and conceptualizing new modules or changes. Ongoing Checklist Updates: Continuously update compliance checklists as and when new regulations or laws are introduced, ensuring that the content is current and accurate. Ad-hoc Tasks: Take on additional tasks as assigned to ensure the smooth functioning of the compliance and regulatory consulting process. Qualifications: Experience: 4+ years in compliance management, legal consulting, or GRC consulting with strong knowledge of regulatory frameworks like RBI, SEBI, taxation, labour, HR, and EHS laws. Skills: In-depth knowledge of compliance requirements and legal regulations. Strong analytical and research skills to decode and interpret regulatory notifications. Experience in preparing and maintaining compliance checklists and conducting audits. Ability to advise clients on complex compliance matters and stay updated on regulatory changes. Excellent written and verbal communication skills for creating reports, newsletters, and blogs. Experience in working with GRC platforms and collaboration with product teams for platform enhancements. Education: A degree in Law, Compliance, Business Administration, or a related field. Additional certifications in GRC or regulatory compliance are highly desirable.