Manager/AVP - IT Risk Assessment/Cloud - Investment Bank

Position Purpose

- Responsible for the development and implementation of an enterprise-wide ICT risk governance program. Successful candidate will have proven track record of developing and implementing risk management programs in global organizations, with robust knowledge of technology, risks, architectures and related tools.

- Prior ICT risk experience (IT, Cyber, Cloud, IAM- etc.) & exposure to the Financial Services industry is a must. Experience with GRC tools and NIST standards is preferred.

- Individual will develop and communicate ICT Risk Policies to ensure that ICT risk considerations are accounted for in all the bank's initiatives. Negotiation and Conflict Management skills an absolute must. Bank is undergoing a significant tech and ops reorg/transformation including outsourcing functions, streamlining and refactoring applications.

- Will support this effort from an independent risk assessment of these projects and will present findings to board and exec committees. Excellent presentation & executive presence skills necessary. Experience interacting with regulatory agencies is required.

Responsibilities

Direct Responsibilities

Governance and Oversight:

- Support in establishing IT & Cyber Risk Management Program for the bank within the three lines of defense model in alignment with the Group Risk Management Framework.

- Support effective implementation and communication of Operational risk management policies and guidelines.

- Support and oversee management of security and technology risks of core systems and applications.

- Oversee the Operational risk management infrastructure and ensure practices are consistent with regulatory expectations and industry sound practices.

- Provide IT & Cyber risk management consulting to the business, technical and operations groups.

- Support Establishing appropriate risk management governance committees arrange agendas and chair meetings as appropriate.

- Help establish GRM's oversight model for the IT and Operations Transformation projects including the review of major outsourcing partners.

Risk Management Environment:

- Identification & assessment: Ensure that the identification and assessment of operational risks are effectively done across the organization by correlating input from Audit Findings, Internal Loss Data Collection & Analysis, External Data Collection & Analysis, Risk Control Self Assessments, Business Process Mapping, KPIs & KRIs, Scenario Analysis, Quantified Measurement & Comparative Analysis.

- Monitoring & Reporting: Implement a process to regularly monitoring operational risk profiles and material exposure to losses and provide appropriate reporting mechanisms to the board, senior management and the business lines. Data capture and operational risk reporting should be continuously enhanced and provide a feedback loop to enhance risk management policies, procedures and practices.

- Control & Mitigation improve the effectiveness of the Internal Controls programme by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities. Assess operational risk response strategies. Validate risk transfer options.

Contributing Responsibilities

- Enhance the India CoE by taking initiatives with the local team

Technical & Behavioral Competencies :

- Exposure to conducting technical risk assessments/ ICT Governance to identify ICT risks and designing mitigation controls in (at least 3) of the following areas

- Application Security

- IT Technologies (End User Computing, Infrastructure Computing, Middleware, Storage Solutions)

- Cloud & Virtualization Technologies (IaaS, PaaS, SaaS)

- Communication Technologies (Networking including SDNs, Segmentation, Wireless & Mobile)

- Application Development/SDLC (Agile & Waterfall)

- Data Management (including Data Mining)

- Networks and Network Security

- Identity & Access Management Security

- Threat & Vulnerability Management

- Encryption Technologies & Key Management

- 10+ years of relevant experience

- On hand experience on dealing global stakeholders

- Good know how on Technology Risk Policies and Procedures reviews

- Excellent Presentation skills

- Ability to articulate risk management concepts to all levels of the organization

- Good listening and analytical skills - being able to come to a thoughtful and business focused conclusion quickly;

- Ability to co-operate and work well with others adopting an approachable style - Important as we work closely with a large and diverse set of suppliers and customers;

- Ability to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits;

- Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate;

- Adapting personal approach to suit situations, individuals, groups and cultures. Flexible in relation to getting the job done

Team-player - focus on the success of the whole team. Working well both with others, as well as individually;

- Taking accountability for their actions and be open and honest when things have gone wrong, and celebrating successes when things have gone well;

- Being rigorous and thorough - especially when logging and tracking issues through to conclusion;

- Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business

- Ability to express views clearly and fluently, both orally and in writing

Specific Qualifications (if required)

- Industry certification in Information/ Cybersecurity like CISSP, CEH, AWS/ Azure etc.