iimjobs

18/08 HR
HR - Talent Acquisition at Pioneer Financial & Management Services Ltd

Vice President - Risk Information Technology - Investment Bank (13-16 yrs)

Mumbai Job Code: 966084

Position Purpose:

Implementation, management and oversight of 2nd line of defense risk management framework within the Information and Communication Technology (ICT) space in India.

Key Responsibilities:

RISK ORC ICT :


- Governance & Oversight 


- Provide IT & Cyber risk management oversight and advisory to the business, technical and operations groups


- Provide direction, support and oversight with respect to the management of security and technology risks of core systems and applications 


- Drive effective implementation and communication of Operational Risk Management policies and guidelines, in particular RISK ORC ICT related.


Risk management environment :


- Identification & Assessment: Ensure that the identification and assessment of operational risks are effectively done across the organization by correlating input from Audit Findings, Internal Loss Data Collection & Analysis, External Data Collection & Analysis, Risk Control Self Assessments, Business Process Mapping, KPIs & KRIs, Scenario Analysis, Quantified Measurement & Comparative Analysis 


- Monitoring & Reporting: Implement a process to regularly monitor operational risk profiles and material exposure to losses and provide appropriate reporting mechanisms to the board, senior management and the business lines. Data capture and operational risk reporting should be continuously enhanced and provide a feedback loop to enhance risk management policies, procedures and practices. 


- Control & Mitigation: Improve the effectiveness of the Internal Controls programme by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities. Assess operational risk response strategies. Validate risk transfer options. 


- Risk Disclosure: Provide updates on regulatory and financial disclosure while complying with external and regulatory communications standards and disclosing the operational risk management framework of the bank in a manner that complies with the formal disclosure policy approved by the board of directors. Define the approach for determining what operational risk disclosures are made and the internal controls over the disclosure process. Implement a process to assess the appropriateness of the disclosure, including the verification and frequency.

Contributing Responsibilities:

- RISK ORC ICT Governance & Oversight :


- Contribute to the establishment of an IT & Cyber Risk Management program in the Bank and within the three lines of defense model in alignment with the Group Risk Management Framework 


- Assist with establishing appropriate risk management governance committees, arrange agendas and chair meetings as appropriate 


- Assist with establishing and overseeing the Operational Risk Management infrastructure and ensure practices are consistent with regulatory expectations and industry sound practices

Risk management environment :


- Business Resiliency & Continuity: Oversee and drive the business resiliency and continuity plans to ensure the ability of the Bank to operate on an ongoing basis and limit the losses in the event of severe business disruption. Coordinate with the first and third lines of defense to test these plans to ensure coverage and adequacy.

Technical & Behavioral Competencies:

- Professional qualifications relevant to Information Security (such as CISA, CISM or CRISC). 


- Strong risk mindset with understanding of applicable regulatory requirements in the financial services sector around Information Security Risks (Technology Risk, Business Continuity Risk, etc.)


- Experience in managing Enterprise Risk and necessary Controls. Experience in the infrastructure security space. Strong experience in Third Party Risk assessment process.

- Functional knowledge in the areas below, covering endpoints, network devices, servers and databases:

- Security Architecture

- Malware Protection

- Identity & Access Management

- Secure Configuration

- Security Testing

- Emerging Technology Security

- Good understanding of information security technologies and knowledge around network devices, servers, Firewall, IDS, IPS, SIEM, DLP, Proxy, Web / Email Content Filtering and AntiVirus & Malware protection.

- Good understanding of vulnerability assessments and penetration testing and the technologies associated with these capabilities.


- Good understanding of incident response and management capability for cyber incidents. 


- Working knowledge of regulatory requirements, including data privacy regulations like GDPR, India Data Privacy Law, SEBI and RBI privacy requirements, etc.

This job opening was posted a long time ago. It may no longer be active, although it has not been removed by the recruiter. Please use your discretion.

Women-friendly workplace:

Maternity and Paternity Benefits
