iimjobs

08/07 Kishore Kannan
CEO at KayZen Group


AVP/VP - Operational Risk - Information Security Group (8-18 yrs)

Chennai Job Code: 718397

We have an urgent requirement for a very good candidate for the role of Operational Risk Manager, aligned to the Information Security Group within the Captive Shared Service Centre based in Chennai.

Title: Operational Risk Manager [Technology]

Reporting to: Head of Operational Risk [Information Security] - Direct

Head of Ops Risk [Technology] - Matrix

Other Key Relationships:

Internal:

- GTO Program Executive Office

- ORM Product/Business Managers

- Technology Ops Risk

- Technology GIS Security Solutions

- Technology Governance

- Technology GIS Governance and Change

- Technology Architecture Management

- Technology L&C

- GIS Geographies

- Financial Crime Compliance

External:

- Group's external auditors

- External Penetration Testing Preferred Suppliers

Role Purpose:

To ensure that Group-level Technology and Cybersecurity cross-cutting and change-related activities involving regulatory, material Technology project (including Cyber Stress testing), incident and developmental activities are properly assessed, and that the risk/return and control cost/benefit decisions are made transparently on the basis of a proper assessment and in accordance with the Group's standards and its Risk Appetite.

Responsibilities:

Risk Control Ownership of Functions Operational Risk

- Ensure that the rapidly evolving regulatory changes around Information and Cyber Security and Technology Risk are engaged upon, check whether a risk appetite has been set by the first line for each of these areas, and ensure control tests are incorporated (where appropriate) into the ORF.

- Challenge the technology function's assessment of cyber security threats and vulnerabilities and ensure that risk assumption and cost of control trade-offs are being made transparently and in an informed manner.

- Review and challenge the process, engagement and pipeline of Technology regulatory audit, external audit, client activities.

- Support scenario stress testing of Top Risks around Information and Cyber Security and/or Technology

- Develop and continually improve on GTO / GOR cyber stress testing frameworks to further embed new requirements and changing methodologies.

- Ensure that effective management response plans are in place to respond to extreme but plausible scenarios (e.g. cybercrime).

- Support material projects and/or group programs with key technology and information security related obligations (regulatory or other) that are material to the group. Ensure obligations are understood and incorporated into project slate.

- Perform deep-dive reviews for significant regulatory change (e.g. historically in 2014: MAS TRM, HKMA Customer Data Protection, etc.), and ensure continuous oversight and monitoring of upcoming Cyber regulatory events and challenges.

- Review and challenge proposed GTO HORPs / PARs

- Support review of Technology Root Cause Analysis (RCAs) where GTO is the process control failure owner through any Significant Operation Risk Events Incidents or Failed Audit reports.

- Help maintain and evolve the Cross Cutting and Top Risk standard dashboard metrics and monitors in conjunction with GTO.

- Obtain MIS on volume of incidents being reported to regulators and perform 2nd line review.

Risk Governance:

- Support management in the collation and thematic review of technology and security risk issues arising from engagement with internal and external stakeholders/peer banks/associations/quasi-government departments.

- Attend GTO/GIS program meetings on periodic basis ensuring key technology risks are understood and managed.

- Escalate to management when appropriate action needs to be taken based on review or external intelligence.

Risk Appetite:

- Work in conjunction with Tech L&C, and Technology and Governance, to maintain an up-to-date view of technology and information/Cyber security regulations and intelligence impacting the bank.

- Based on the constantly changing and evolving Cyber security external threat landscape, recommend changes to business practice where necessary to reduce the level of operational risk exposure.

- Cascade and question action plans against emerging technology events & regulations where appropriate.

- Deepen knowledge of team through external information sharing and cascade. Uplift CCRO knowledge when appropriate.

Knowledge & Skills: (List typical pre-requisites for high performance)

- 7-10+ years in a Technology and information security risk management function at a financial institution.

- Certified Information Systems Security Professional (CISSP) qualification required.

- Certified Ethical Hacking (CEH), Certified in Risk Information Systems and Control (CRISC) desirable.

- Sharp business acumen (including ability to assess risk and appropriate levels of return), strong leadership qualities, excellent interpersonal skills and multi-cultural awareness and sensitivity.

Should you require any further information please feel free to contact Kishore on 8553023272.

This job opening was posted a long time back. It may not be active, but it was not removed by the recruiter. Please use your discretion.

Women-friendly workplace:

Maternity and Paternity Benefits
