Senior Analyst- Technology Risk Management

Job Location

Banga - India

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Job Purpose:

Candidate will work with VP Head of Service Risk AO & Digital Platforms to ensure GRC Operational activities are executed as per the agreed timelines in line with the requirements.

Key Accountabilities:

GRC Operations 

  • Implement GRC activity oversight mechanism across the unit and ensure implementation of proper tracking & reporting systems.  
  • Track and complete GT BIA/BCP related requirements as per the GBCM timelines. 
  • Track, monitor and report GT-related periodic UAE regulatory requests & reporting.
  • Actively work with the team to improve GT Risk Remediation activities and implement proper governance mechanisms. 
  • Ensure timely completion of IT Risk Operations activities.  
  • Manage Data Leakage Prevention (DLP) notifications and implement improvement initiatives to optimize the monitoring policies.
  • Ensure timely remediation of DLP alerts and necessary actions as per the organization policies. 
  • Act as a point of contact for GIA for TechGRC audit activities.  
  • Implement proper tracking mechanism for Operational Risk Incidents to ensure compliance with GORM policies.  
  • Ensure all the GRC systems used by 3 lines of defense are in sync and execute periodic reconciliation activities. 
  • Work with the teams to have definitive plans for GIA issues and other key risk items to ensure timely remediation. 
  • Identify and implement automation initiatives to improve overall GRC operations. 
  • Implement initiatives to improve ways of working with 2nd line & 3rd line functions. 
  • Produce timely and accurate MIS for GRC related activities to be covered as part of regular reporting. 

Technology Risk Management Framework:

  • Review and provide inputs on IT risk management framework to ensure efficiency and effectiveness of the process performance
  • Review and provide inputs on technology policies, processes & standards to ensure proper coverage of technology controls and metrics
  • Conduct regular reviews and assessments to assess adherence to Group policies and standards for effective implementation within Group Technology (GT)
  • Review and provide input on standard technology risk and control library
  • Implement the cyber risk assessment model and analysis approaches
  • Conduct various assurance initiatives and internal reviews across GT
  • Identify and implement control automation initiatives across GT

Cloud Management

  • Participate in conducting due diligence of cloud service providers and ongoing cloud service provider assessments.
  • Assess cloud solutions and determine risk of technology architecture implementation and suitability for the organization.
  • Review cloud service provider contracts for compliance with Group policies/processes and ensure relevant controls are considered in the contract with cloud service providers.
  • Assess the risk implications of digital innovation and its impact on technology risk profile of the bank. Provide recommendations to optimize the risks and ensure technology policy and process alignment.
  • Conduct in-depth technical security reviews, risk assessments and architecture reviews for cloud-based technologies and solutions to ensure alignment with information security policies and technology guidelines.

DevOps/DevSecOps/Agile Practices

  • Provide inputs to development and maintenance of policies, frameworks, methods and standards for the DevOps and agile practices.
  • Ensure risk and security control requirements are considered during the early stages of the development lifecycle
  • Review possible bottlenecks of running the application in production and suggest service improvement plans.

Technology Risk Identification & Assessments:

  • Work with service teams on various risk and control assessment activities and ensure technology risks are managed as per FAB policies and standards.
  • Participate in Project & Change reviews to ensure appropriate treatment of technology risks.
  • Execute periodic risk assessment activities to identify vulnerabilities, threats and control effectiveness.
  • Assess the severity of each risk by assessing likelihood and impact. Work with stakeholders on the residual risk ratings and potential risk exposure.

Technology Risk Treatment & Review:

  • Support development of risk treatment strategies to maintain the bank's risk posture at the desired level.
  • Ensure proper implementation of risk treatment options such as mitigation, transfer, acceptance etc. and help IT teams in mitigation or acceptance of risks/issues.

Technology Risk Monitoring & Reporting:

  • Review risk items and define Key Risk Indicators (KRI) to monitor high risk areas.
  • Produce periodic risk profile reports and KRI reports to senior management.
  • Work with technology teams to review Major Incident Reports and identify risk/control measures to prevent incident reoccurrence.

Job Context:

Key Performance Indicators:

  • Timely remediation of DLP alerts and associated actions.
  • Participation in relevant service line specific EA community sessions to address the GRC requirements
  • Completion of Risk and Control Self-Assessments as per the agreed schedule
  • Remediation of Technology GRC risk issues as per the established timelines
  • Adequately monitor and supervise remediation of Technology Service Line risk issues as per the agreed timelines
  • On-time completion of KRI reporting and GORM incident management reporting
  • Completion of regulatory reporting activities as per the timelines
  • Adherence to GRC automation initiatives implementation plans
  • On-time completion of mandatory trainings and meeting certification requirements
  • Ensure external audit and regulatory certifications are completed on time without non-compliance (PCI DSS, KPMG Statutory Audit, Swift CSF and NESA)
  • Coordinate with service lines to gather RFIs and management response for GIA (Group Internal Audits) on time.

Qualifications:

Knowledge & Experience:

  • 8-10 years of working experience in IT Security Risk and Governance practices.
  • Experience with DLP (Data Leakage Prevention) management activities.
  • Knowledge and expertise in virtualization and cloud computing environments (different cloud models and types).
  • Hands-on experience in using various Cloud Security best practices such as Cloud Security Alliance (CSA) guidelines and National Institute of Standards and Technology (NIST) guidelines.
  • Demonstrated experience in conducting technical risk assessments for various Cloud platforms.
  • Good understanding of process models and industry standards relating to IT Security Risk and Governance.
  • Good understanding of security and risk management in financial institutions.
  • Excellent interpersonal skills and good oral and written communication skills.
  • Achievement of industry-recognized certifications such as CISSP, CRISC, CCSP, CCSK, CISA etc.
  • Achievement of AWS and Azure cloud certifications is preferable.

Skills:

  • Relationship management
  • Influencing skills
  • Big picture thinker with attention to details
  • Strong change and communication skills
  • Strong analysis skills
  • Strong interpersonal skills


Remote Work:

No


Employment Type:

Full-time
