Head - IT GRC

Job title: Head IT GRC

Reporting to: CIO Hours: General Work Time (9. 30 am to 6. 30 pm) Location: YBH, Santacruz Overall Responsibilities As part of the Technology Assurance Team the Head- IT GRC will be responsible for coordinating with Internal and External Auditors to ensure the audit process is managed smoothly.

- Work closely with various teams for collecting evidence for Internal / External Auditor.

- Coordinate with internal teams on mitigation of IT related business risk including implementation of strong controls.

- Follow-up with the process owners to ensure the open audit points are closed as per suggestions provided by Auditor and best practices.

- The individual is expected to be able to communicate effectively with senior management, audit and risk managers both verbally and written in a variety of situation including one to one, committee meetings, and formal presentations

- Key Areas of responsibilities - Internal, Concurrent & Statutory Audit - Liaise with internal and external auditors for various audit requirements of Technology and solutions group, follow-up with internal team.

- Assist the Auditors in completing a control and risk assessment testing following the documentation of the systems and processes being reviewed.

- Audit Report management- Preparing an audit issue tracker from the audit report published by the auditors.

Follow-up with the process owners to ensure the open audit points are closed as per suggestions provided by Auditor and best practices.

- Regulatory Compliance - Liaise with team to ensure compliance to regulatory requirements.

- Also, ensure timely completion of all submission to regulatory bodies.

- Reporting - Preparing dashboard for management to highlight the progress and current risk pending for compliance one periodic basis - Process Audit and review - Perform periodic internal process review to highlight any risk or gaps in the process.

- Create a test programme to check that the controls are operating in accordance with the process defined.

- Conduct joint exercise with ORM team to ensure Risk base audit for BDTS .

- Essential Skills/Experience/Qualification - Should have experience in fields related to IT General Controls, Audit, Information Security Controls and regulatory compliance , Subject matter expert on technology and information risk management.

- Strong understanding of the industry wide best practices, policies& procedures, technique in the area of risk management

- At least one of the professional qualification preferable such as CISM/CISA/CISSP/ ISO 27001 LA , Experience of documenting processes, policies, procedures, reports etc , Liaise with stakeholders, internal auditors, external auditors and various teams in facilitating and running audits - Analyze and categorize IT risks identified across all sources / processes Assist with risk management process.

- Strong written and oral communication skills and the ability to interact with senior management.

- Sound presentation skills including the ability to communicate risk posture, audit finding clearly and concisely

- Project management skills to monitor and track projects effectively , The ability to work effectively under pressure, tight schedules and flexible hours

- Excellent judgment and proven decision-making skills, Excellent English language skill is a must.

- Ability to be both an effective listener and influencer is a plus , Good understanding of IT and its operational setup in banking is a plus

- Preferred background are Risk Management assessment / Audit/Control self-assessment/Information Security experience