Director - Internal Control Systems - BFSI

The Role Responsibilities :

- Support the functional head in leading a team of ICS technical control testing SMEs (Subject Matter Experts) to plan and execute on key controls testing across the bank's critical IT systems.

- Lead the execution of a consistent, sustainable and re-performable control testing framework/methodology for the bank's critical IT systems.

- Provide thought leadership on ICS technical control design, assessment, testing processes and drive continuous -improvements in alignment with organization's risk frameworks.

- Work with the Application/Service/Control Owners of critical IT systems to identify emerging ICS risks and ensure they are appropriately addressed by relevant technical controls.

- Support the provision of MI (Management Information) to the respective risk forums across business and functions.

- Assess compliance with the Bank's risk frameworks, policies and industry standards (NIST).

- Support stakeholders in defining remediation actions to address identified control weaknesses and issues across critical IT systems, and associated processes.

- Track issue remediation, check and challenge delivery status and escalate delays.

- Identify opportunities for automation of controls testing.

- Maintain effective relationships with leaders and stakeholders.

- Support the continuous improvement of ICS control testing, risk and control processes, aligning to and avoiding duplication with other assurance functions.

- Lead through example and build the appropriate culture and values. Set appropriate tone and expectations, and work in collaboration with risk and control partners.

- Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.

- Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction.

- Provide timely and accurate risk & control information to support internal/external (e.g. regulatory) assessments.

The Role Requirements :

- Educational background in Computer Science, Economics, Law, Risk Management or other relevant areas.

- 8-15 years in IT/Cyber Audit and/or Cyber Risk Management or similar experience is essential.

- Professional qualifications such as CISA/CRISC/CISM/CISSP will be advantageous.

- Posess the right mix of leadership, cyber expert and risk & control skills.

- Be self motivating and kick starter capable of working with limited direction.

- Be capable to execute leadership, management and coaching over colleague(s).