- ORM Product / Business Managers
- ORM Risk Framework Process and Infrastructure Team
- Group Ops Risk
- Group Information Security
- Group Internal Audit
- Country CIOs / Product-aligned COOs
- ORM CCROs
- GIS team within the Geographies
- Group's external auditors
Role Purpose:
- To create Group OR independent representation in Chennai, maintain the rollout of Operational Risk Framework within the hubs for Technology,
- Be the central point of contact for the testing of technology control metrics & sign off and track overall ORF residual risks.
Risk Control Ownership of Functions Operational Risk
- Create and be independently accountable for group OR in the Hubs.
- Post completion of Technology (including Information Security) into ORF, be the central point of contact for GTO operational risks for Hub process maintenance, including 'dip stick testing' of the operational effectiveness of all process controls.
- Attend Tech Risk Committee on a periodic basis, ensuring key technology risks are understood and managed.
- Uplift CCRO knowledge where appropriate.
- Identify the areas that give rise to Technology risk within hubs and assess whether a risk appetite has been set by the first line for each of these areas.
- Provide a focal point of control over the aggregate level of operational risk in the Technology function that arises from end to end processes and changes.
- Review thematic system risks from IT risk repositories / external events / scorecards.
- Identify, ascertain and confirm that Hub risk registers, KRIs, KCIs, and control sample testing are effectively implemented for GTO.
- Sign off risks raised and track the respective Optial- and Knox-related records.
- Recommend changes to the control environment or to business practice where necessary to reduce the level of operational risk exposure.
- Ensure that any material risk exposures and related issues under the role are reported to the respective OR management as appropriate.
Knowledge And Skills:
- 7-10+ years in a technology and information security risk management function (1st or 2nd LOD) at a financial institution.
- Certified Information Systems Security Professional (CISSP) qualification desirable; Certified Information Systems Auditor (CISA) qualification desirable.
- Sharp business acumen (including ability to assess risk and appropriate levels of return), strong leadership qualities, excellent interpersonal skills and multi-cultural awareness and sensitivity.
- Expertise in process design and control