Senior Role - Operational Security Risk Management - Technology Business Lines - Investment Bank

Job opportunity - Operational Security Risk Management - Investment Bank

Missions - 

- The staff will be responsible to maintain Operational Security Risk Management framework for all Technology business lines .

- Will be responsible for managing the Risk Management life Cycle (Risk Identification, Assessment, Monitoring and Closure) for the Infrastructure and Application Technology Domains

Responsibilities-

1. Risk Management on the Transitions

- Organize, Perform and conduct IT Risk Analysis (consists IT Security, Info Security, Business Continuity Mgmt) across all IT projects and initiatives to bring pro-active risk management focus into solution

- Ensure IT Risk Assessments are properly aligned with enterprise risk management methodology and regulatory expectations.

- Proactively identify potential risk exposures within new technology solutions being designed and implemented, and partner with Technology Risk Officer and Information Security Program Office to monitor appropriate solutions to mitigate exposure.

- Control Design embedded within the process to ensure the efficiency of the Control Design and operating effectiveness is adequately measured

- Manage the stakeholder expectations and optimize for maximum effectiveness from Risk Management point of view

- Monitor the Transition rollout and intervene/escalate as appropriate to the BL head/Risk Sponsor.

2. Proactive Risk Management

- Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy

- Monitors compliance with the Security Standards, Policy and Architecture.

- Perform general and Application Control Reviews

- Perform Information control reviews to include system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.

- Constantly be on the lookout of identifying and addressing risks within the business line. Analyze risk scenarios to determine their impact on business objectives

- Ensure appropriate Permanent supervision controls are implemented and are performed periodically

- Co-ordinate the Risk and Control Self Assessment (RCSA) exercise

- Responsible for creating awareness on various security topics. Introduce or improve the IT/Info Security awareness within the business line.

- Collect information and review documentation to ensure that risk scenarios are evaluated appropriately.

- Identify potential threats and vulnerabilities for IT business processes

- Create and maintain a risk register to ensure that all identified risks are accounted for.

- Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.

3. Reactive Risk Management

- Incident Investigation and reporting as appropriate. Accountable and responsible for report on Operational Losses and Incidents within the BL

- Manage the risk governance, work with business units to ensure closure on the various risk related actions

- Provide pre-audit and post-audit support for both internal audits and external audits

- Be part of the Technology Root Cause Analysis (RCA), identification of corrective and preventive actions and follow-up for closure

- Oversee the regular DR testing of the plan and update for major changes in hardware, applications, business and regulatory requirements accordingly

4. Risk Monitoring and closure of Audit Issues

- Evaluate overall information technology risk, maintain an active view, and report on the actual, mitigated and residual risk in the technology organization.

- Proven Expertise in handling Security Audits & Compliance Assessment for evaluating the effectiveness of controls and compliance with applicable laws & regulations

- Completely own Risk Governance meetings to keep the management on the status of the mitigation plan for the identified risks

- Provide early warnings on potential non-compliances

- Serve as liaison to auditors, consultants, and any Compliance Committee regarding documentation and review of information compliance. Keep a tracking action list of all audit issues.

- Handling Regulatory requirements from various countries on Technology Operations.

- Identify and implement any new/updated regulatory requirements from various countries by conducting Gap Analysis between Regulatory requirements and Technology Operations

- Responsible for compiling list of audit issues and tracking action list of all audit issues for the Technology Business Lines

- Responsible for coordinating efforts for the timely closure of audit issues

- Ensure the Audit issues are addressed appropriately and corrective actions are implemented.

Profile- 

Technical-

a) Knowledge of IT Security standards and procedures

b) Expertize in maintaining IT Security Risk Framework and its associated controls & reporting

b) Proven experience in planning and managing periodic assessments of IT environment.

c) Design and implement information systems controls in alignment with the organization's risk appetite and tolerance levels to support business objectives.

c) Capable of conducting in-depth security incident analysis, evaluating alert criticality, to validating risk and being able to elaborate on risk identified.

d) Ability to handle sensitive matters with discretion and maintain confidentiality

Functional-

a) Experience in preparing and presenting briefings to senior management

b) Strong Project Management Skills

b) Strong verbal and written communications skills across all levels of the Firm

c) Excellent analytical and problem-solving skills

d) Ability to operate in a dynamic and matrix environment

e) Demonstrated consistency in values, principles, and work ethic

f) Proactively communicates information to colleagues up, down and across the organization, provides updates on projects, tasks and potential roadblocks

g) Work efficiently with Global Collabrative teams located in multiple geographical locations.

Other Competencies-

a) Educational Requirements : Preferably B.E or B.Tech / Additional certifications on Risk Management will be an added advantage (RCSA, CISP, CISA etc.).

b) Range of Experience : Minimum of 12 years of experience with 6 years of relevant experience into IT risk management.

c) Professional Experience in Banking/Financial Services operations, ITES organization

c) Fluency in MS Office Tools.