Ujjivan Small Finance Bank - National Manager- IT Governance & Compliance

1. JOB SUMMARY :

As part of the senior IT leadership, you will primarily be responsible to ensure that IT is compliant with policies and procedures laid out by the regulators as well as the risk department.

- Responsible for the formulation, propagation and adoption of IT policies, standards, procedures and guidelines.

- Design, develop and implement IT compliance procedures, practices and processes to maintain a proactive conformance and oversight program

- Responsible for all Risk and Compliance Management Initiatives within IT which will include Information Security, Data Privacy Compliance

- Responsible for managing internal/external group-level IT audits, including formulating appropriate risk management/remediation actions.

- Responsible for BCP management from an IT perspective

2. PRIMARY RESPONSIBILITIES :

- All policies and SOP will need to be owned by the Head of IT Governance, Risk and Compliance. This would imply defining, implementing and governing the policies and ensuring compliance from a regulatory standpoint.

- Creating of the SOP- s, review of the SOP's and primarily ensuring that these SOP's are being followed and implementing them.

- Establishing compliance standards in collaboration with audit and risk functions.

- Accomplishing compliance by determining accountabilities, communicating policies/procedures to be followed

- Plan and manage IT testing and audits conducted by internal and external auditors and

coordinate with Information Technology and Information Security managers and team leads.

- Gather, prepare and evaluate detailed evidence to support compliance of controls tested. Document and communicate testing results to Control Owners and other participants.

- Track and report on remediation status of all IT Compliance related issues.

- Coordinate the development of, and on-going revisions to, remediation plans for issues resulting from information security audits conducted by both internal and external auditors.

- Track and report on remediation status of all IT Compliance related issues.

3. KEY INTERACTIONS :

Internal Interface :

- Risk Department

- Audit department

- IT owners (Applications, Infra and Security)

External Interface :

- Regulators

- OEM/ Vendors

- 3rd party auditors

4. PERFORMANCE METRICS :

- Internal Process : Compliance to all regulatory requirements :

- IT policies mapped to procedures

- Issues/ actions closed in an agreed timeline

- Audit/ Risk compliance - rated as medium i.e average

- Learning & Performance : IT education around compliance :

- Number of trainings conducted for IT staff

- Compliance gaps pertaining to user education to be minimum

5. ROLE REQUIREMENTS :

Desired Qualification :

- Bachelor's or master's degree in computer science, information systems, business administration or related field, or equivalent work experience.

Desired Experience :

- 15+ years- experience in IT Audit or Compliance role or related experience within the finance or banking industry

- Strong understanding of IT General Controls, as well as network, OS, application and database controls.

- IT audit experience and knowledge of Governance, Risk and Compliance Frameworks (COSO, COBIT, ISO27001, NIST, etc.)

- Business Continuity planning/ Disaster recovery.

6. FUNCTIONAL KNOWLEDGE AND SKILLS :

- Knowledge of and experience to demonstrate understanding of risks and controls related to IT/ data governance / cyber risks

- Good understanding of operational risk

- Knowledge and experience with industry best practices, including COBIT, ITIL, PMBOK, PRINCE2 etc.

7. BEHAVIOURAL COMPETENCIES :

The role will primarily liasie a lot between internal IT functions as well as risk and audit. It will be critical to operate as an objective/ unbiased individual while working on resolution of observations.

- Good people management skills as this would mean working with cross functional teams to be able to drive action.

- Demonstrated ability to build strong technology relationships while recognising that this is an organisation that is building its foundation.

- Patience and resilience would be a key virtue as processes need to be set, people need to be coached. Excellent communication, problem solving and decision making skills with the ability to effectively communicate with all levels in the organization