Role Holder Requirements:
Graduate degree and/or MBA, or other equivalent qualification.
10 to 15 years of experience in IT, of which more than 8 years in IT Risk Management/Information Security.
Desirable Certifications: CISA/CISM/CISSP/ISO27001LA/CRISC
Expertise in all aspects of Risk Management including identification, analysis, mitigation, reporting, awareness, Incident Management and Response, GRC, audit and compliance.
Must possess excellent team and vendor management skills, and proven ability to communicate IT Risk posture to executive management by means of ongoing reporting, tracking, monitoring etc.
Experience in managing strategic outsourcing projects, especially in the information security domain.
Experience in driving pan-organization initiatives and managing large programs.
Knowledge of GRC tools and automation of risk management processes.
Proven ability to develop KPIs, metrics, dashboards, heat maps etc. for monitoring and reporting risks for operational as well as senior management consumption.
Experience in maturing various operational processes to increase their efficiency and effectiveness.
Knowledge of risk assessment of Business and IT processes, BCP/DR, projects etc. and developing suitable mitigation plans for the same.
Understanding of technical risks and experience in overseeing assessments such as VA/PT/Appsec/Security Architecture review etc.
Experience in tracking latest threats and responding to them in a timely manner.
Knowledge of Advanced Persistent Threats (APT), anomaly detection systems, SIEM and log management solutions.
Knowledge of Identity & Access Management, Privileged Identity and Access Management, and data security products such as DLP, Digital Rights Management (DRM), Database Activity Monitoring (DAM) etc.
Exposure to software license management and compliance processes.
Sound understanding of data and application security and the secure SDLC framework.
Experience in managing a Security Operations Center (SOC) and incident response.
Demonstrate a collaborative work ethic and an enterprise-wide mindset in the performance of duties.
Ability to drive change across various business and technology functions.
Promote a strong culture of control awareness and risk mitigation in all dealings with Technology and the Business.
Provide focus and clarity in establishing individual goals, driving performance management, supporting career development and rewarding strong performance.
Excellent communication and presentation skills.
Well-developed impact and influence skills.
Proven track record of building strong relationships across business functions.
Strong vendor management skills.
Roles & Responsibilities:
Responsible for managing IT Risk Operations including Process, Technology, Cyber Security, Audit, Legal and regulatory compliance. Candidate should be a subject matter expert on IT Risk Management with proven leadership capability to manage and drive risk management processes at pan-organization level including business functions.
Manage various IT Risks including identification and closure.
Provide effective oversight of risk management practices by deploying effective and efficient processes.
Responsible for all risks including process, technical, and incident based.
Contribute to and support the execution of IT Risk management programs.
Publish monthly reports to the CTO/senior management. Participate in the governance/review activities for various initiatives, including those of the business, ensuring that existing and emerging IT risks are identified and mitigated in a proactive manner.
Manage vendors as part of strategic outsourcing assignments.
Oversee various risk assessments such as Business Process Reviews, VA, PT, Appsec etc.
Responsible for Security Incident Response.
Responsible for overseeing the 24x7 Security Operations Center (SOC).
Engage with stakeholders such as business teams, IT operations teams, application development teams etc. for driving risk closures.
Responsible for defining and enforcing security policies, standards/guidelines and reporting compliance to policies.
Establish effective monitoring practices to ensure adherence to the IT risk management framework and policy.
Liaise with senior executive management on matters related to IT Risk.
Reports to: Head of IT Risk & Compliance.
Key relationships:
Technology senior and executive management.
Management and executives within the business.
Counterparts in other financial institutions involved in IT Risk Management.