33 Risk Assessment jobs in India

About the Role

Are you ready to shape the future of retail credit risk at BOQ Group? As our new Credit Risk Assessment Manager , you’ll play a pivotal role in ensuring the quality and integrity of our consumer lending portfolio. This is more than just a credit decisioning role — it’s a chance to influence policy, mentor network lenders, and drive a prudent yet proactive credit culture across the business.

You’ll be exercising Delegated Approval Authority (DAA) to assess and structure lending submissions, identifying trends and risks, and collaborating with internal and external stakeholders to support BOQ’s strategic growth — the right way. From coaching frontline teams to contributing to policy development, your impact will be felt across the organisation.

This role sits within our Group Risk division, reporting to the Senior Manager Retail Credit Risk, and is integral to our mission of building social capital through banking.

About you

You’re a confident decision-maker with a sharp eye for risk and a passion for responsible lending. With a background in Credit Risk and Consumer Financial Services, you bring strong stakeholder management, excellent judgement, and a collaborative spirit to everything you do.

You thrive in fast-paced environments, respond to queries with urgency, and take pride in mentoring others to elevate their credit assessment skills. You’re curious, inclusive, and lionhearted — living the BOQ Group values every day.

Whilst holding a Bachelor’s degree in Accounting, Finance or a related discipline is advantageous, what we’re really looking for is someone with deep experience, strong knowledge, and strategic influence in this Credit Risk Assessment space — someone who can collaborate and partner across Business Bank, Retail, and Risk teams to drive impactful outcomes.

Working for us is fun and fast-paced, and we are seeking top talent to take us where we want to go. BOQ Group people are easy to spot. They're smart, energetic, full of ideas and passionate about what they do. If this sounds like you and you're looking to join a multi-brand on the forefront of financial services, we'd love to chat!

About Us

BOQ Group is a truly unique group of challenger brands with a purpose – to provide a genuine alternative to Australian financial services for customers and employees.

Our family of brands (Bank of Queensland (BOQ), ME Bank, Virgin Money Australia, BOQ Specialist), each come with their own defined customer audience and brand personality, but share one goal – to build social capital through banking. That’s creating trust with customers, exploring staff potential and believing that tiny gestures and big ideas can change the world for communities.

BOQ Group’s inclusive vision is to foster a workspace that values and leverages difference and creates new possibilities, a place where our people feel confident to bring their best selves to work every day. We embrace difference and believe that our workforce should reflect the customers and communities that we serve.

Since , BOQ Group is recognised as an Employer of Choice for Gender Equality by the Workplace Gender Equality Agency (WGEA).

In , we successfully implemented an innovative Reconciliation Plan, driving positive change and promoting inclusivity across BOQ Group.

Our Benefits

At BOQ Group, we are passionate about creating an exceptional work environment that nurtures both your professional and personal growth. Our comprehensive benefits package is designed to enhance your well-being, provide financial security, and foster a sense of community and inclusion. Here are just some of the fantastic perks you can enjoy as part of our team:

We are committed to creating a workplace where everyone feels valued and supported. Join us and be part of a company that truly cares about its people and community!

IT Advisory Risk Consulting—IT Audit & Assurance 

Our client’s IT Advisory – Risk Consulting team is looking for Associate Consultants/ Consultants/ Assistant Managers to join their IT Audit & Assurance team in Bengaluru. Team provides Independent assurance on controls in place across client’s IT environment and ways to mitigate Technology risks. 

Following are some of our key solution offerings

• Risk Based IT Internal Audit
• IT SOX 404 Controls Testing, Quality Assurance
• Internal Financial Controls related to IT General Controls 
• IT General Controls as part of Financial Statements Audits
• IT Risk & Control Self-Assessment 
• Business Systems Controls / IT Application Controls 
• Auditing Emerging Technologies such as Cloud Security, Intelligent Automation, RPA, IoT etc.
• IT Attestation (SOC1/SOC2/ISAE 3402, ISAE 3000 etc.)
• Third Party/Vendor Risk Assessments 

Position: Associate Consultants/ Consultants/ Assistant Managers

Location: Bengaluru  

Requirements

Industry Experience:

• Plan, budget and execute the day-to-day activities of infrastructure audit engagements for clients
• Assess client's security landscape, assess, evaluate and recommend most suitable security solution, tools & techniques to create a threat resilient landscape using our client's differentiated approach and methodologies. Provide security concept, framework & standards for development & support client teams for the solution design, customization build and roll out to end users. 
• Perform a holistic security risk assessment of the client’s IT landscape taking various assets, threats, vulnerabilities, business impact & legal aspects into consideration. Designing and implementing controls to mitigate identified risks by lucid communication to client stakeholders. Effective persuasive/convincing abilities while communicating gaps detected during audits, risk assessments, attestation engagements.   
• Collaborate with other practice groups to review the effects of new threats and vulnerabilities in the security space to assess, remediate, test and protect client application artefacts, data and enterprise ecosystems from threat vectors as they emerge. 
• Work with other technology groups to provide cohesive solutions in Risk assessments, Financial statement audits, Attestation engagements encompassing network architecture, application, database, , standards and implementation related mandates for development, deployment and maintenance. 
• Manage teams delivering co-working discovery workshops & support delivery teams to provide assessment, remediation, testing and standards refresh for the application security practice. 
• Present and distill complex Security solutions into simple, easy to understand concepts for both technical and non-technical audiences especially in the context of opportunity pursuit. 
• Drive Innovation through Offerings: — Drive profitable growth through the execution of the strategy and the strengthening of the audit and assurance practice 
• Building innovative & collaborative solutions to bring combined offerings such as security related combinations with J2C, API, Data security as advisory & execution footprint to capture opportunities & illustrate convergence 
• Bring the audit and assurance practice to life to achieve sales and commercial opportunities in a collaborative ecosystem and follow through with support for cost effective high quality execution. 

Additional Responsibilities for Assistant Managers:

• Supervise associates and interns on engagements
• Serve as a liaison between financial services clients and upper management
• Establish and sustain long-term profitable client relationships that drive value creation, delivery excellence and a positive client work environment
• Works with the client to minimize delivery disruptions and effectively manages client urgencies.
  Qualifications
• Engineering / MBAs with atleast 6+ years of experience 
• 3+ years of experience with hands on exposure to Infrastructure / Mobile/ Web application security spanning across various technologies. 
• Working level familiarity of advanced security assessment concepts, including but not limited to –, Malware analysis, OT/ICS security, Cloud security, security in IoT, Blockchain, RPA and emerging technologies, etc. 
• Working level familiarity with Static and Dynamic Analysis tools (SAST, DAST, IAST). Ability to manage deployment & use of OWASP tools and methodologies. 
• Ability to elucidate vulnerabilities and weaknesses in the OWASP Top10,WASCTCv2, SANS Top-25 and CWE25 to client IT/ISO audiences and discuss effective defensive techniques. 
• Comprehensive understanding and previous oversight of IT hardware, software, networking, databases, API services, J2C storage, licensing and related hosting needs.
• Infrastructural configuration reviews to identify the security related gaps within the IT environment
• Preference would be given to significant experience in relevant technical knowledge: (a) financial statement – IT  Audits; (b) IT internal or IT operations audits; (c) IT SOX engagements (d) Emerging Technology Risks (e) Data Privacy and PCI-DSS risks
• Good to have, add on skills - Working level familiarity with relevant vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint or any other open source tools). Working level familiarity with web application vulnerability scanning tools (e.g. IBM AppScan, HP Fortify, Accunetix, NTO Spider, Burpsuite Pro or any other open source tools), SIEM tools (SolarWinds, Splunk, LogRhythm, IBM QRadar) 
• Ability to understand/identify best practices for infrastructure process and controls.
• CISA, CISM, CISSP, CRISC, TOGAF certifications would be an added advantage
• Prior experience in client facing / account management roles
• Possess strong domain knowledge, understanding of IT processes supporting business and possible risks in operations of at least two industry sectors
• Demonstrate integrity, values, principles, and work ethic and lead by example

Benefits

Work with one of the Big 4's in India

Healthy work Environment

Work Life Balance

Role Overview:

The Cyber & Technical Risk Assessment Officer will be responsible for identifying, analysing, and mitigating cyber and technical risks associated with banking systems, infrastructure, and digital assets. This role will ensure that the bank complies with regulatory requirements (such as RBI, SEBI, ISO, NIST, etc.), and internal risk frameworks, and maintains a strong security posture.

Required Qualifications & Skills:

Certifications (Preferred):

• CRISC, CISA, CISSP, ISO 27001 LA, CEH, or similar.

Experience:

• 8-10 years of relevant experience in Information Security domain (minimum 3 years in cyber/IT risk assessment, preferably in BFSI).
• Familiarity with GRC tools (RSA Archer, ServiceNow GRC, etc.).

Key Responsibilities:

1. Cyber & IT Risk Assessments:

• Conduct end-to-end cyber risk assessments for critical IT systems, applications, and infrastructure.
• Evaluate technology solutions and vendors for inherent risks.
• Perform periodic threat modelling and vulnerability assessments.
• Maintain risk registers and report on identified risks with remediation plans.

2. Control Reviews & Compliance:

• Assess and ensure compliance with applicable regulatory guidelines such as:
• RBI’s Cybersecurity Framework for Banks
• SEBI’s CSCRF (for REs, if applicable)
• ISO 27001, NIST CSF, PCI-DSS
• Validate implementation of security controls across endpoints, network, cloud, and application layers.

3. Governance and Reporting:

• Prepare cyber risk dashboards and submit periodic reports to senior management, CRO, and Board committees.
• Track and follow up on mitigation of identified risks.
• Coordinate with auditors (internal/external) during cyber/IT audits.

4. Third-party & Cloud Risk Management:

• Conduct third-party risk assessments for outsourced vendors and cloud service providers.
• Ensure that Service Level Agreements (SLAs) and contracts cover cyber risk clauses and responsibilities.

5. Incident Risk Evaluation:

• Participate in root cause analysis for cyber incidents.
• Assess risk impact of incidents and define compensating controls.

6. Policy and Process Development:

• Assist in drafting or updating Information Security and Risk Management policies.
• Ensure adherence to secure SDLC and DevSecOps practices.

Technical Skills:

• Understanding of firewalls, IDS/IPS, DLP, SIEM, EDR, IAM tools.
• Knowledge of cybersecurity standards and frameworks (e.g., NIST, MITRE ATT&CK).
• Ability to interpret vulnerability scan results and threat intelligence reports.

Soft Skills:

• Strong analytical and documentation skills.
• Communication and stakeholder management.
• Ability to work independently and handle multiple priorities.

Desirable:

• Hands-on experience with risk scoring methodologies.
• Exposure to cloud platforms (AWS, Azure) and their risk models.
• Experience in cybersecurity exercises, RCSA, and BIA for IT systems.

Role Overview:

The Cyber & Technical Risk Assessment Officer will be responsible for identifying, analysing, and mitigating cyber and technical risks associated with banking systems, infrastructure, and digital assets. This role will ensure that the bank complies with regulatory requirements (such as RBI, SEBI, ISO, NIST, etc.), and internal risk frameworks, and maintains a strong security posture.

Required Qualifications & Skills:

Certifications (Preferred):

• CRISC, CISA, CISSP, ISO 27001 LA, CEH, or similar.

Experience:

• 8-10 years of relevant experience in Information Security domain (minimum 3 years in cyber/IT risk assessment, preferably in BFSI).
• Familiarity with GRC tools (RSA Archer, ServiceNow GRC, etc.).

Key Responsibilities:

1. Cyber & IT Risk Assessments:

• Conduct end-to-end cyber risk assessments for critical IT systems, applications, and infrastructure.
• Evaluate technology solutions and vendors for inherent risks.
• Perform periodic threat modelling and vulnerability assessments.
• Maintain risk registers and report on identified risks with remediation plans.

2. Control Reviews & Compliance:

• Assess and ensure compliance with applicable regulatory guidelines such as:
• RBI’s Cybersecurity Framework for Banks
• SEBI’s CSCRF (for REs, if applicable)
• ISO 27001, NIST CSF, PCI-DSS
• Validate implementation of security controls across endpoints, network, cloud, and application layers.

3. Governance and Reporting:

• Prepare cyber risk dashboards and submit periodic reports to senior management, CRO, and Board committees.
• Track and follow up on mitigation of identified risks.
• Coordinate with auditors (internal/external) during cyber/IT audits.

4. Third-party & Cloud Risk Management:

• Conduct third-party risk assessments for outsourced vendors and cloud service providers.
• Ensure that Service Level Agreements (SLAs) and contracts cover cyber risk clauses and responsibilities.

5. Incident Risk Evaluation:

• Participate in root cause analysis for cyber incidents.
• Assess risk impact of incidents and define compensating controls.

6. Policy and Process Development:

• Assist in drafting or updating Information Security and Risk Management policies.
• Ensure adherence to secure SDLC and DevSecOps practices.

Technical Skills:

• Understanding of firewalls, IDS/IPS, DLP, SIEM, EDR, IAM tools.
• Knowledge of cybersecurity standards and frameworks (e.g., NIST, MITRE ATT&CK).
• Ability to interpret vulnerability scan results and threat intelligence reports.

Soft Skills:

• Strong analytical and documentation skills.
• Communication and stakeholder management.
• Ability to work independently and handle multiple priorities.

Desirable:

• Hands-on experience with risk scoring methodologies.
• Exposure to cloud platforms (AWS, Azure) and their risk models.
• Experience in cybersecurity exercises, RCSA, and BIA for IT systems.

Working with Us
Challenging. Meaningful. Life-changing. Those aren’t words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it. You’ll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams. Take your career farther than you thought possible.

Our EHS & Sustainability Enablement team is responsible for the safe, sustainable, and cost-effective construction, operation and maintenance of world-class facilities that enable the discovery, development and delivery of innovative medicines that help patients prevail over serious diseases. EHS & Sustainability Enablement Services engages the BMS global network to develop and deliver the corporate energy, water, and greenhouse gas sustainability goals while driving energy cost efficiencies and reliability enhancements through robust utilities strategies, initiatives, and operational innovations. Here, you’ll get the chance to pursue innovative ideas, and advance professionally alongside some of the brightest minds in the industry.

Position Summary

This is an outstanding opportunity to join a growing and passionate team that is focused on being a world class Product Stewardship group within Bristol Myers Squibb’s Environment, Health, Safety and Sustainability Enablement organization. As a member of the Product Stewardship group, the successful applicant will be primarily responsible for the development of a company-wide approach to perform GLP environmental fate/effects studies and environmental risk assessments according to appropriate international regulatory guidelines. This role will lead and participate on diverse multi-functional teams to deliver on-time and on-budget GLP studies and environmental risk assessments necessary to support successful clinical trials and drug registrations around the world. In addition to working on environmental risk assessments, the successful applicant will have the opportunity to participate in other aspects of the Product Stewardship program (e.g., global research projects, environmental support of sites, extended producer responsibility, chemical registrations,hazard communication). This role will also act as the primary back up for the program lead.

Key Responsibilities

Qualifications & Experience

The starting compensation for this job based in New Jersey is a range from $162,930 - $97,400, plus incentive cash and stock opportunities (based on eligibility). 

The starting compensation for this job based in Massachusetts is a range from $1 9,220 - $2 7,200, plus incentive cash and stock opportunities (based on eligibility). 

The starting pay rate takes into account characteristics of the job, such as required skills and where the job is performed. Final, individual compensation will be decided based on demonstrated experience. 

Benefit offerings are subject to the terms and conditions of the applicable plans then in effect and may include the following: Medical, pharmacy, dental and vision care. Wellbeing support such as the BMS Living Life Better program and employee assistance programs (EAP). Financial well-being resources and a 401(K). Financial protection benefits such as short- and long-term disability, life insurance, supplemental health insurance, business travel protection and survivor support. Work-life programs include paid national holidays and optional holidays, Global Shutdown days between Christmas and New Year’s holiday, up to 120 hours of paid vacation, up to two (2) paid days to volunteer, sick time off, and summer hours flexibility. Parental, caregiver, bereavement, and military leave. Family care services such as adoption and surrogacy reimbursement, fertility/infertility benefits, support for traveling mothers, and child, elder and pet care resources. Other perks like tuition reimbursement and a recognition program. 

#GPS_2025

Uniquely Interesting Work, Life-changing Careers
With a single vision as inspiring as “Transforming patients’ lives through science™ ”, every BMS employee plays an integral role in work that goes far beyond ordinary. Each of us is empowered to apply our individual talents and unique perspectives in a supportive culture, promoting global participation in clinical trials, while our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.

On-site Protocol

BMS has an occupancy structure that determines where an employee is required to conduct their work. This structure includes site-essential, site-by-design, field-based and remote-by-design jobs. The occupancy type that you are assigned is determined by the nature and responsibilities of your role:

Site-essential roles require 100% of shifts onsite at your assigned facility. Site-by-design roles may be eligible for a hybrid work model with at least 50% onsite at your assigned facility. For these roles, onsite presence is considered an essential job function and is critical to collaboration, innovation, productivity, and a positive Company culture. For field-based and remote-by-design roles the ability to physically travel to visit customers, patients or business partners and to attend meetings on behalf of BMS as directed is an essential job function.

BMS is dedicated to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace accommodations/adjustments and ongoing support in their roles. Applicants can request a reasonable workplace accommodation/adjustment prior to accepting a job offer. If you require reasonable accommodations/adjustments in completing this application, or in any part of the recruitment process, direct your inquiries to . Visit to access our complete Equal Employment Opportunity statement.

BMS cares about your well-being and the well-being of our staff, customers, patients, and communities. As a result, the Company strongly recommends that all employees be fully vaccinated for Covid-19 and keep up to date with Covid-19 boosters.

BMS will consider for employment qualified applicants with arrest and conviction records, pursuant to applicable laws in your area.

Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.