
Job Purpose
- IT audit facilitation
- IT governance, including preparing for IT Strategy Committee
- Owning compliance and regulatory projects
- Business Continuity Management
- Access Management
- Managing Employee facing applications
Main Accountabilities
- Establish and monitor an auditable governance framework, consistent with general regulatory requirements for information technology.
- Own the role of IT Audit SPOC. Co-ordinate with auditors such as the Internal Audit Department (IAD), Regulators (RBI/NHB), Statutory Auditors and external assessors. Maintain a cadence mechanism for tracking and closure of audit observations.
- Creation of knowledge repository
- Ensure adherence to 100% accuracy of Risk control Policy and standards.
- Enabling strong IT governance, security, regulatory compliance & adherence to management model
- Coordinating for: Cyber security audit, Internal Audit, compliance & Process, ITGC, VAPT, GRC, SEBI Compliance
- System implementation assessment
- Setting up and running the user access management framework for IT
- Circulating KPI dashboard summary for regular status on key indicators (Financial and Non-Financial indicators)
- Monthly review of Self Risk and Risk control Assessor and Reviewer
- Establish and Monitor Vendor Onboarding, Monitoring and Risk assessment framework.
- Part of a team of BCM-risk management professionals who work with senior management in all lines of business to coordinate business continuity governance activities
- Continuity planning and event management, development and facilitation of enterprise wide event exercises, relationship management with external vendors, development of corporate policy, standards, and guidelines
- Being proactive with issues with a problem-solving attitude, and, at the same time keeping all stakeholders aligned.
- Contribute to the development and maintenance of the enterprise-wide Access management and access review program including development of tools and instructional guides for business.
- Define and set-up SOP, templates, workflow and cadence mechanisms for ITIL compliant processes in line with RBI & NHB norms for NBFC and HFC around:
  - Business Concept Note and translation into Business Requirement Document and subsequent Functional Specification document
  - Demand tracker
  - Capacity planning (software delivery)
  - Change management
  - Release management
  - Incident management
  - Patch management
  - IT Strategy committee framework
  - IT Steering committee framework
  - IT Risk assessment
  - CTO monthly dashboard
  - Cadence meeting with business stakeholders
  - Operational MIS
  - Business Continuity plan
  - IT strategy document
Qualifications & Experience: Masters in Any Stream. Minimum 10 years relevant experience
Leadership Competencies:
- Stakeholder management,
- Good communication/articulation skills,
- Exposure to budgeting,
- Demonstrated team-building capabilities,
- Adopt innovative/cutting-edge technologies
Functional Competencies (competency: required proficiency):
- Application Knowledge: Expert
- Infrastructure Management: Advanced
- Program & project management: Intermediate
- Technology Knowledge: Expert
Specialized job competencies:
- Industry certification in one or more of the following: ISO, PMI, CCSA, CISA, CA, CCSP, ISC, ITIL, etc.
- Exposure to BFSI domain knowledge and having worked in conglomerate governed by multiple regulators
Desired Experience:
In-depth knowledge and expertise of the BFSI sector operations, including IT practices. Specific expertise should include:
- A strong understanding of Access Management, Operational risk and Resilience, Business Process improvement methods as well as risk related control frameworks and practices (COCO, COSO, ISO, ITIL, CMM, COBIT, etc.)
- Solid knowledge of IT and Operations Audit methodology
- Corporate Policies and Standards of TCL and its operating subsidiaries
- Solid understanding of the Operational Risk Management methodology and CSA related requirements.