AVP/VP - Control Management - BFSI

Required Qualifications, International:

- Minimum of 15 years of experience in technology risk management, preferably with a focus on Application and Infra Risk assessments in BFS

- Strong knowledge and experience in risk control self-assessment methodologies, risk frameworks, and technology risk management practices.

- Information Systems, or a related field. Advanced degree preferred.

- Experience in Risk Management, Business Controls, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education

- Leadership experience

- Bachelor's degree in Computer Science, Information Technology, or a related field. A Master's degree is a plus.

- Proven experience in infrastructure and application risk assessment, preferably in a managerial role.

- Strong understanding of information security principles, risk management frameworks, and regulatory requirements (e.g., ISO 27001, NIST, GDPR).

- Knowledge of network architecture, operating systems, databases, and cloud computing platforms.

- Familiarity with vulnerability scanning tools, penetration testing methodologies, and security assessment techniques.

- Excellent analytical and problem-solving skills with the ability to identify and assess risks in complex environments.

- Strong leadership and team management abilities, with a track record of successfully leading and developing a team.

- Effective communication skills, both verbal and written, to articulate complex technical concepts to non-technical stakeholders.

- Professional certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) are highly desirable.

- Ability to work collaboratively in a fast-paced environment, managing multiple priorities and deadlines effectively.

Desired Qualifications:

- Lead a team of risk assessment professionals, providing guidance, support, and mentorship.

- Conduct comprehensive risk assessments of infrastructure and applications to identify potential vulnerabilities and threats.

- Analyze security controls, policies, and procedures to ensure compliance with industry standards and best practices.

- Collaborate with IT teams to evaluate the effectiveness of existing security measures and recommend improvements.

- Stay up-to-date with emerging threats, vulnerabilities, and industry trends to proactively address potential risks.

- Develop and implement risk assessment methodologies, tools, and frameworks to streamline the assessment process.

- Prepare and present reports to senior management and stakeholders, summarizing identified risks and recommended mitigation strategies.

- Work closely with the security team to ensure timely resolution of identified vulnerabilities and track progress on remediation efforts.

- Collaborate with external vendors and auditors to conduct third-party assessments and ensure compliance with contractual requirements.

- Provide expertise and guidance during incident response activities, assisting in the investigation and resolution of security incidents.