883 Risk Assessment jobs in India

• Develop and sustain meaningful relationships through building Trust and rapport with internal Santander stakeholders
• Partners with Business stakeholders to report on risks from third parties related to information security and business continuity.
• Provides leadership to other analysts and assists management in validating the quality and timely delivery of assessments
• Represent Santander's position in front of suppliers, and act as the communication link between Santander and suppliers as needed
• Management of issue resolution falling within the scope of the department

Total Number of Openings
2
About the position:
The Quantitative Risk Assessment (QRA) Engineer is part of the Facilities Process Engineering team in the Chevron ENGINE Center and is responsible for the development of quantitative risk assessment models across Chevron facilities, including complex process facilities, offshore and onshore production facilities, gas plants, storage terminals and new energy technology solutions. The ENGINE QRA engineer will utilize QRA model outputs to explain the impact of design/operations changes and safeguard effectiveness on predicted risk levels to Leadership.
Key Responsibilities:
Develop QRA models for Chevron facilities. This will entail:
- Gathering the input needed to develop the model
- Running the model and conducting quality reviews to ensure model accuracy
- Reviewing the model output against Chevron risk tolerance expectations
- Developing potential risk reduction solutions
- Utilizing QRA model outputs to explain the impact of design/operations changes, safeguard effectiveness, and risk reduction solutions on predicted risk levels to Leadership
- Provide expert input to the ongoing development and improvement of Chevron QRA tools that can be adopted throughout enterprise
- Development of Business Unit personnel competency in the execution and use of QRAs
Required Qualifications:
- Bachelor's degree in a relevant engineering discipline (mechanical, process, etc.) from a deemed/recognized (AICTE) university
Preferred Qualifications:
- 10+ years of relevant experience in Oil & Gas facilities conducting quantitative risk assessments
- Knowledge of DNV's PHAST and SAFETI and CloudQRA tools is preferred as these form the basis of Chevron's proprietary QRA tool
- Experience with computational fluid dynamic modelling of release, fires and explosions is an advantage
- Experience in both upstream and downstream operating facilities
Chevron ENGINE supports global operations, supporting business requirements across the world. Accordingly, the work hours for employees will be aligned to support business requirements. The standard work week will be Monday to Friday. Working hours are 8:00am to 5:00pm or 1.30pm to 10.30pm.
Chevron participates in E-Verify in certain locations as required by law.
Chevron Corporation is one of the world's leading integrated energy companies. Through its subsidiaries that conduct business worldwide, the company is involved in virtually every facet of the energy industry. Chevron explores for, produces and transports crude oil and natural gas; refines, markets and distributes transportation fuels and lubricants; manufactures and sells petrochemicals and additives; generates power; and develops and deploys technologies that enhance business value in every aspect of the company's operations. Chevron is based in San Ramon, Calif. More information about Chevron is available at .
Chevron is an Equal Opportunity / Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status, or other status protected by law or regulation.

IT Advisory Risk Consulting—IT Audit & Assurance 

Our client’s IT Advisory – Risk Consulting team is looking for Associate Consultants/ Consultants/ Assistant Managers to join their IT Audit & Assurance team in Bengaluru. Team provides Independent assurance on controls in place across client’s IT environment and ways to mitigate Technology risks. 

Following are some of our key solution offerings

• Risk Based IT Internal Audit
• IT SOX 404 Controls Testing, Quality Assurance
• Internal Financial Controls related to IT General Controls 
• IT General Controls as part of Financial Statements Audits
• IT Risk & Control Self-Assessment 
• Business Systems Controls / IT Application Controls 
• Auditing Emerging Technologies such as Cloud Security, Intelligent Automation, RPA, IoT etc.
• IT Attestation (SOC1/SOC2/ISAE 3402, ISAE 3000 etc.)
• Third Party/Vendor Risk Assessments 

Position: Associate Consultants/ Consultants/ Assistant Managers

Location: Bengaluru  

Requirements

Industry Experience:

• Plan, budget and execute the day-to-day activities of infrastructure audit engagements for clients
• Assess client's security landscape, assess, evaluate and recommend most suitable security solution, tools & techniques to create a threat resilient landscape using our client's differentiated approach and methodologies. Provide security concept, framework & standards for development & support client teams for the solution design, customization build and roll out to end users. 
• Perform a holistic security risk assessment of the client’s IT landscape taking various assets, threats, vulnerabilities, business impact & legal aspects into consideration. Designing and implementing controls to mitigate identified risks by lucid communication to client stakeholders. Effective persuasive/convincing abilities while communicating gaps detected during audits, risk assessments, attestation engagements.   
• Collaborate with other practice groups to review the effects of new threats and vulnerabilities in the security space to assess, remediate, test and protect client application artefacts, data and enterprise ecosystems from threat vectors as they emerge. 
• Work with other technology groups to provide cohesive solutions in Risk assessments, Financial statement audits, Attestation engagements encompassing network architecture, application, database, , standards and implementation related mandates for development, deployment and maintenance. 
• Manage teams delivering co-working discovery workshops & support delivery teams to provide assessment, remediation, testing and standards refresh for the application security practice. 
• Present and distill complex Security solutions into simple, easy to understand concepts for both technical and non-technical audiences especially in the context of opportunity pursuit. 
• Drive Innovation through Offerings: — Drive profitable growth through the execution of the strategy and the strengthening of the audit and assurance practice 
• Building innovative & collaborative solutions to bring combined offerings such as security related combinations with J2C, API, Data security as advisory & execution footprint to capture opportunities & illustrate convergence 
• Bring the audit and assurance practice to life to achieve sales and commercial opportunities in a collaborative ecosystem and follow through with support for cost effective high quality execution. 

Additional Responsibilities for Assistant Managers:

• Supervise associates and interns on engagements
• Serve as a liaison between financial services clients and upper management
• Establish and sustain long-term profitable client relationships that drive value creation, delivery excellence and a positive client work environment
• Works with the client to minimize delivery disruptions and effectively manages client urgencies.
  Qualifications
• Engineering / MBAs with atleast 6+ years of experience 
• 3+ years of experience with hands on exposure to Infrastructure / Mobile/ Web application security spanning across various technologies. 
• Working level familiarity of advanced security assessment concepts, including but not limited to –, Malware analysis, OT/ICS security, Cloud security, security in IoT, Blockchain, RPA and emerging technologies, etc. 
• Working level familiarity with Static and Dynamic Analysis tools (SAST, DAST, IAST). Ability to manage deployment & use of OWASP tools and methodologies. 
• Ability to elucidate vulnerabilities and weaknesses in the OWASP Top10,WASCTCv2, SANS Top-25 and CWE25 to client IT/ISO audiences and discuss effective defensive techniques. 
• Comprehensive understanding and previous oversight of IT hardware, software, networking, databases, API services, J2C storage, licensing and related hosting needs.
• Infrastructural configuration reviews to identify the security related gaps within the IT environment
• Preference would be given to significant experience in relevant technical knowledge: (a) financial statement – IT  Audits; (b) IT internal or IT operations audits; (c) IT SOX engagements (d) Emerging Technology Risks (e) Data Privacy and PCI-DSS risks
• Good to have, add on skills - Working level familiarity with relevant vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint or any other open source tools). Working level familiarity with web application vulnerability scanning tools (e.g. IBM AppScan, HP Fortify, Accunetix, NTO Spider, Burpsuite Pro or any other open source tools), SIEM tools (SolarWinds, Splunk, LogRhythm, IBM QRadar) 
• Ability to understand/identify best practices for infrastructure process and controls.
• CISA, CISM, CISSP, CRISC, TOGAF certifications would be an added advantage
• Prior experience in client facing / account management roles
• Possess strong domain knowledge, understanding of IT processes supporting business and possible risks in operations of at least two industry sectors
• Demonstrate integrity, values, principles, and work ethic and lead by example

Benefits

Work with one of the Big 4's in India

Healthy work Environment

Work Life Balance

Total Number of Openings

2

About the position:

The Quantitative Risk Assessment (QRA) Engineer is part of the Facilities Process Engineering team in the Chevron ENGINE Center and is responsible for the development of quantitative risk assessment models across Chevron facilities, including complex process facilities, offshore and onshore production facilities, gas plants, storage terminals and new energy technology solutions. The ENGINE QRA engineer will utilize QRA model outputs to explain the impact of design/operations changes and safeguard effectiveness on predicted risk levels to Leadership.

Key Responsibilities:

Develop QRA models for Chevron facilities. This will entail:
• Gathering the input needed to develop the model
• Running the model and conducting quality reviews to ensure model accuracy
• Reviewing the model output against Chevron risk tolerance expectations
• Developing potential risk reduction solutions
• Utilizing QRA model outputs to explain the impact of design/operations changes, safeguard effectiveness, and risk reduction solutions on predicted risk levels to Leadership
• Provide expert input to the ongoing development and improvement of Chevron QRA tools that can be adopted throughout enterprise
• Development of Business Unit personnel competency in the execution and use of QRAs

Required Qualifications:

• Bachelor’s degree in a relevant engineering discipline (mechanical, process, etc.) from a deemed/recognized (AICTE) university

Preferred Qualifications:

• 10+ years of relevant experience in Oil & Gas facilities conducting quantitative risk assessments
• Knowledge of DNV’s PHAST and SAFETI and CloudQRA tools is preferred as these form the basis of Chevron’s proprietary QRA tool 
• Experience with computational fluid dynamic modelling of release, fires and explosions is an advantage
• Experience in both upstream and downstream operating facilities

Chevron ENGINE supports global operations, supporting business requirements across the world. Accordingly, the work hours for employees will be aligned to support business requirements. The standard work week will be Monday to Friday. Working hours are 8:00am to 5:00pm or 1.30pm to 10.30pm.

Chevron participates in E-Verify in certain locations as required by law.

About KPMG in India

KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.

KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields.

A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments.

Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/2000 LI/LA or equivalent are highly valued.

Profound knowledge of cybersecurity frameworks, industry standards, and best practices.

Proficiency in using various security assessment and techniques.

Strong analytical and problem-solving skills, with the ability to think critically and strategically.

Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences.

Demonstrated experience in project management and handling multiple assessments simultaneously.

A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development.

Network Security, infrastructure assessment and network architecture design review.

Conceptual knowledge of OT Security/ISA 62443 standard is preferable.

Equal employment opportunity information

KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.• Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls.
• Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments.
• Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation.
• Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments.
• Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders.
• Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies.
• Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments.

The opportunity

The Technology Assurance, Risk, and Policy (TARP) function within Information Security strives to create and promote a holistic Governance, Risk, and Compliance (GRC) program by creating a robust, resilient, and proactive governance framework, supported by a strategic risk management approach and stringent compliance structures. It aims to integrate and align its GRC initiatives in line with the global firm's objectives and emerging threats within the cybersecurity landscape.

Furthermore, the Policy, Risk, and Controls (PRC) Enablement & Awareness team aims to establish policies and procedures that reflect the value we place on safeguarding our digital environment, while ensuring that these policies are effectively communicated and enforced across all levels of the organization. The Control & Risk Assessment team sits within PRC Enablement & Awareness and aims to directly enables the GRC program by designing control testing and risk assessment methodology to measure and quantify compliance to policies and control objectives.

Your key responsibilities

The Control & Risk Assessment Leader will be responsible for building and owning a control testing and risk assessment program, following the model for 1st line and 2nd line testing best-practice strategies, that routinely tests and assesses the effectiveness and efficiency of Information Security controls put in place to mitigate risks to determine if they are supporting the desired business outcomes. They will need to rank and prioritize Information Security and Information Technology controls based on their risk profiles and design testing plans, inclusive of testing procedures, which will be used to measure effectiveness while, simultaneously looking for opportunities to enhance and improve EY’s control landscape. In certain instances, they will need to plan and execute risk assessments to quantify assumptions over the risk profiles.

The Control & Risk Assessment Leader is responsible for building a team of experienced professionals to assist in executing the strategic vision and objectives of the Control & Risk Assessment testing and assessment program. The Control & Risk Assessment team will work collectively to support the Information Security Program in the areas of risk assessment methodology development and execution of risk assessments, control testing design and execution, and identification of gaps and areas of improvement utilizing testing and assessment results.

Collaboration with other Information Security groups and external stakeholders across EY is key to this role. The Control & Risk Assessment Leader will need to build a network of multi-departmental and multi-level stakeholders inclusive of, but not limited to Information Security, Client and Enterprise Technology, Data Protection, Global and Enterprise Risk Management, Internal Audit, Area and Regional Risk & Data teams, Service Line Quality Leaders, etc.

Skills and attributes for success

Own and build multi-year roadmap to establish and mature the Control & Risk Assessment program. This includes development of the team’s charter, identification of resource needs, ongoing monitoring systems and tool requirements, performance metrics, and workstream prioritization.

Build and manage control testing and risk assessment service offerings aimed at identifying potential risks and validates mitigation controls by conducting regular and systematic assessments of the organization's IT infrastructure, including networks, systems, applications, and data processes.

Based on results of assessments and testing, assist control owners with the design and implementation of their controls in the organization's IT environment. Strategize on the appropriate amount of preventive, detective, or corrective controls which will have the most impact on reducing overall risk for the firm.

Create a 1st Line Testing framework that can be shared with control owners that will enhance security culture and support control ownership roles and responsibilities. Conduct training and awareness campaigns to facilitate the adoption of the framework.

Appropriately balance firm security needs with business impact and benefit when recommending advancements in policy and control objectives and directing those efforts to completion.

Think strategically to assist with the development of a long-term vision for Information Security’s Technology Assurance, Risk, and Policy direction inclusive of its program improvement, technology adoption, and integration of security solutions into business objectives.

Act as a thought leader in the firm, staying informed of changes in information security, regulatory requirements, audit standards, and industry trends, adjusting strategies, as necessary.

Build and maintain appropriate relationships with internal and external leaders to ensure awareness and understanding of potential strategic directions. 

Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.

Outstanding management, interpersonal, communication, organizational, and decision-making skills.

Ability to understand and integrate cultural differences and motives and to lead cross cultural teams.

Demonstrate integrity and judgment within a professional environment.

Evaluate, counsel, mentor and provide feedback on performance of others.

Plan the training and development of staff to develop their skills and maintain state-of-the-art knowledge in information security.

To qualify for the role you must have

12+ years of experience in the Information Technology, Information Security and/or Risk Management field(s).

Audit experience or a demonstrated ability to design and test technology controls.

5+ years of experience in managing and mentoring junior and senior level staff.

Experience leading global and virtual teams.

High proficiency in technical and general writing skills in English. 

An advanced degree in Computer Science, Information Security, or a related field; equivalent work experience will be considered on a case-by-case basis.

One or more of the following or equivalent certifications preferred: Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Processional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in related area, CIPP, CIPT.

Ideally, you’ll also have

A working knowledge of external control standards like ISO 27001, NIST 800-53, COBIT, etc. and regulatory requirements like GDPR and SOX.

Skilled in Microsoft Office and M365 products; primarily Word, Excel, PowerPoint, SharePoint, PowerApps, and PowerBI.

Experience with RSA Archer or other GRC tools.

Flexibility to work outside of normal business hours when engaging with team members and stakeholders in various time zones.

What we offer

As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer:

Continuous learning : You will develop the mindset and skills to navigate whatever comes next.

Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way.

Transformative leadership : We will give you the insights, coaching and confidence to be the leader the world needs.

Diverse and inclusive culture : You will be accepted for who you are and empowered to use your voice to help others find theirs.

We ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions and to receive other benefits and privileges of employment. Please contact us to request accommodations.

EY is committed to being an inclusive employer, and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.

EY | Building a better working world

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

As part of Risk Management and Compliance, you are at the center of keeping JPMorgan Chase strong and resilient. You help the firm grow its business in a responsible way by anticipating new and emerging risks, and using your expert judgement to solve real-world challenges that impact our company, customers and communities. Our culture in Risk Management and Compliance is all about thinking outside the box, challenging the status quo and striving to be best-in-class.

The firm's Second Line of Defense (2LOD) is the independent risk management area comprised of Risk Management and Compliance (RM & C), responsible for developing and monitoring the execution of the risk governance structure.

This firmwide team within Compliance, Conduct and Operational Risk (CCOR) is responsible for developing the Regulatory Topic framework to assess JPMorgan Chase's risk across all lines of business (consumer, corporate and investment bank, commercial banking, asset and wealth management, and corporate businesses) for specific collections of laws, rules, and/or regulations ("obligations") that require evaluation together to assess the firm's ability to be compliant with these obligations.
**Key Responsibilities
- Drive ongoing initiatives related to the firmwide Regulatory Topic framework, including:

- Development of new and refinement of existing Regulatory Topic program requirements
- Develop and execute a training and communication plan to support the program requirements including policy, standards and other required documentation
- Further integration of the program into Risk and Control frameworks, including data sourcing and reporting
- Partner with Corporate and Line of Business teams to roll out the program framework and oversee the overall execution of the Regulatory Topic Assessments including CCOR Challenges
- Partner with technology to deliver capabilities to execute against requirements for both LOB/CF teams and Compliance/Operational Risk
- Support regulatory, audit, and policy related requests

**Minimum Skills, Experience and Qualifications**
- Minimum Bachelor's degree; 10-12+ years work experience in the financial industry, preferably in Risk, Compliance, Oversight & Control, or Finance
- Strong analytical skills, with ability to harness large data sets and analyses to deliver insights and new features for senior management reviews
- Strong Excel and PowerPoint/PitchPro skills
- Strong communication skills, ability to clearly articulate complex concepts and distill high-level themes from granular information
- High attention to detail and ability to work independently to produce executive-level materials, analyses, presentations
- Ability to work well under pressure and deliver under tight deadlines
- Self-starter who proactively seeks ways to improve processes
- Ability to develop partnerships across multiple business and functional areas
- Working Hours: 1:30pm to 10:30pm India Time (4am to 1pm NY Time)

**About Us**

Across JPMorgan Chase, we serve millions of customers and many of the world's most prominent corporate and government clients. Our mission is to build a stronger, more equitable economy, and we strive to make a positive impact everyday with our customers in their communities. We are proud of our reputation as one of the world's most admired companies and we know that it's our people who make us successful. We are committed to a diverse and inclusive workplace where our employees are welcomed, valued and able to bring their authentic selves and best work forward
JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

**JOB DESCRIPTION**
Firm-wide Supplier Oversight Services (SOS) is a centralized group that manages the Third Party Oversight & Governance function across the organization.

This group provides consistent monitoring of all Third Party activities in order to ensure compliance to the Third Party Oversight (TPO) standards and Global Technology Standards.

As an Associate in Supplier Oversight Services (Third Party Oversight), you will be responsible for managing all Onboarding and Steady State commercial actions across all lines of business and regions. You will ensure compliance with the Third Party Oversight (TPO) standards and Global Technology Standards, and provide consistent monitoring of all Third Party activities. This role provides an opportunity to work closely with internal customers, manage regulatory compliance requirements, and contribute to the efficient and effective delivery of SOS duties.

**Responsibilities**:

- End to End engagement brokering for Onboarding commercial activities as per the TPO Program for acquired company's supplier engagements
- Ensure all TPO activities within the portfolio are delivered in a manner consistent with TPO policy and regulatory guidance across all risk engagements
- Acts as TPO Process and Tool SME 9Subject Matter Expert) for the business Delivery Managers and Portfolio Managers
- Support new DMs to understand the TPO Program and process
- Face off TPO to Delivery Managers, Executive Sponsors and Portfolio Managers from the Line of Business (LOB)
- Ensure SOS duties are delivered in an efficient, effective and sustainable way in line with internal SLA’s(Service Level agreements), KPIs (Key Performance Indicators)/KRIs(Key Risk Indicators)
- Ensure all TPO activities within the portfolio are delivered in a manner consistent with business objectives, TPO policy and regulatory guidance
- Determine appropriate process for third party engagements (Out of Scope, Specialized Service Categories, COMPASS, etc.)

**Required qualifications, skills and capabilities**:

- Atleast 5 years relevant work experience in Operations, Oversight & Control, Vendor Management, or related roles pertaining to knowledge of risk management and control principles with total work experience of 9+ years
- The role requires extensive interaction with internal customers. Outstanding listening and negotiation skills as well as being a strong written and verbal communicator at the senior management level with effective collaboration skills
- Effective time management and multitasking skills-ability to consistently achieve deadlines independently
- Broad understanding of regulatory compliance requirements, and experience in managing Internal Audit or Regulatory communications
- Strong organizational management skills, including expertise in issue and conflict resolution
- Ability to partner closely with related functions (Sourcing, Legal & Compliance, Audit, etc.) to ensure a coordinated and effective program
- Knowledge of Software and Cloud products used in Banking Industry

**ABOUT US**

JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

**ABOUT THE TEAM**

Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we’re setting our businesses, clients, customers and employees up for success.

Global Supplier Services (GSS) manages the source-to-pay cycle, engaging with suppliers, negotiating contracts, conducting risk assessments and evaluating the customer experience. Global teams support sourcing, third party oversight, procurement and payment operations, supplier relationship management and customer experience.

**About this role**
We are looking for an experienced individual to lead the **RQA** **Risk Assessment & Assurance Team** in Mumbai, India.
**Business Overview**
Understanding and managing risk is the cornerstone of BlackRock's approach to responsible investing. The Risk & Quantitative Analysis (RQA) group provides independent oversight of BlackRock's fiduciary and enterprise risks. Our mission is to advance the firm's risk management practices and to deliver independent risk expertise and constructive challenge to drive better business and investment outcomes. RQA promotes BlackRock as a leader in risk management by providing independent top-down and bottom-up oversight to help identify investment, counterparty, operational, regulatory, technology, and third-party risks.
RQA is committed to investing in our people to increase both individual enablement and a strong collaborative environment. As a global group located all around the world, our goal is to create a culture of inclusion which encourages teamwork, innovation, diversity and the development our future leaders. We actively engage in discussions on career growth and work with team members to understand how personal passions and strengths connect with our purpose.
**Who We Are**
As part of the broader Thematic Risk Assessment team (TRA) within the Enterprise Risk Management group (a Second Line of Defense function), the **RQA Risk Assessment & Assurance (RAA) Team** is vital to the "true-up" understanding of our enterprise risk and control landscape, and continued confidence that our risk management processes are effective and reliable. These help provide assurance that the firm's enterprise risk management framework is adept at managing current and emerging risks, protects protecting our clients and firm, and supports the achievement of firm-wide business goals within our risk tolerance. Key stakeholders include, but not limited to, broader RQA Enterprise Risk Management teams and leaders, Enterprise Technology Risk & Control (First Line of Defense risk function), Innovation Office and Information Security, and other risk and control functions.
**What You Will Be Doing** :
Your primary responsibilities include:
+ Execute risk assurance plans that evaluate, monitor and report on the design &/or effectiveness of enterprise risk assessment programs and its activities.
+ Perform and support thematic risk assessments that evaluate enterprise risks of interest.
+ Identify, analyze, execute, and support improvements to enterprise risk assessment programs.
+ Manage the RAA Team and team members' performance.
+ Identify, dimension, and propose practical solutions for improving enterprise risk assessment programs, risk management processes, risk and control taxonomies, and risk and control assessment techniques.
+ Identify and escalate potentially systemic enterprise risk issues in a timely manner.
+ Ensure risk assessment and assurance exercises are comprehensively documented and reported.
+ Be a risk champion within the wider BlackRock business.
**What We Look For** :
As a **Team Lead** with people management responsibilities, you must have:
+ Strong risk and control assessment expertise (especially in technology &/or information security).
+ Excellent attention to detail, strong work ethics, and able to work as part of a global team and make informed risk management decisions.
+ **13+ years** of practical experience in Enterprise &/or Technology Risk Management, Business Process Engineering, Quality Assurance, or Audit (experience earned in Asset Management or Banking industry is preferred).
+ **5+ years** of experience **leading and performance managing** a team (non project-based).
+ **5+ years** of experience in **performing** risk and control assessments, quality testing, control testing, &/or IT auditing.
+ Demonstrable ability to identify and analyze process, risk and control issues, challenge the status quo, and work with cross-functional and international teams to ideate pragmatic solutions that strengthen the risk management framework.
+ Strong understanding of industry-leading practices and control frameworks (e.g. CRI Profile, NIST CSF, ISO 27001, SOC, SOX, SWIFT, and COBIT).
+ An ability to explain complex ideas &/or sophisticated technical concepts in simple but impactful terms and use effective communication to influence outcomes.
+ Familiarity with office productivity, usage of open-source frameworks and business intelligence tools, including (but not limited to) Microsoft Office, PowerBI &/or Tableau.
The following are competitive advantages that we are interested in:
+ You are a Certified in Risk & Information Systems Control (CRISC), a Certified Information Systems Auditor (CISA), &/or Six Sigma-certified.
+ You have both led and performed technology &/or business risk and control assessments.
+ You have automated control assessment activities or analytics using one or more of the following: Python, JavaScript, .NET &/or SQL.
+ Good understanding of worldwide regulatory requirements.
**Our benefits**
To help you stay energized, engaged and inspired, we offer a wide range of benefits including a strong retirement plan, tuition reimbursement, comprehensive healthcare, support for working parents and Flexible Time Off (FTO) so you can relax, recharge and be there for the people you care about.
**Our hybrid work model**
BlackRock's hybrid work model is designed to enable a culture of collaboration and apprenticeship that enriches the experience of our employees, while supporting flexibility for all. Employees are currently required to work at least 4 days in the office per week, with the flexibility to work from home 1 day a week. Some business groups may require more time in the office due to their roles and responsibilities. We remain focused on increasing the impactful moments that arise when we work together in person - aligned with our commitment to performance and innovation. As a new joiner, you can count on this hybrid model to accelerate your learning and onboarding experience here at BlackRock.
**About BlackRock**
At BlackRock, we are all connected by one mission: to help more and more people experience financial well-being. Our clients, and the people they serve, are saving for retirement, paying for their children's educations, buying homes and starting businesses. Their investments also help to strengthen the global economy: support businesses small and large; finance infrastructure projects that connect and power cities; and facilitate innovations that drive progress.
This mission would not be possible without our smartest investment - the one we make in our employees. It's why we're dedicated to creating an environment where our colleagues feel welcomed, valued and supported with networks, benefits and development opportunities to help them thrive.
For additional information on BlackRock, please visit @blackrock ( | Twitter: @blackrock ( | LinkedIn: is proud to be an Equal Opportunity Employer. We evaluate qualified applicants without regard to age, disability, family status, gender identity, race, religion, sex, sexual orientation and other protected attributes at law.