Job Description
Role Purpose
The purpose of the role is to govern and manage the risk assessment, remediation and monitoring of information and technology process risks.
Responsibilities
- Govern the risk and compliance activities performed by various technology and control functions.
- Manage the risk assessment, remediation and monitoring of information and technology process risks.
- Serve as an internal risk consultant to the operating functions and business lines.
- Ensure process risk identification, assessment, quantification, reporting, communication, mitigation, and monitoring.
- Support implementation of information security policies as applicable.
- Drive risk closure, mitigation or acceptance with business function stakeholders and technology leaders.
- Ensure periodic calendarized entitlement reviews are completed and risks are brought to an acceptable level.
- Work with various control functions to ensure all identified risks are tracked and mitigated.
- Work with the technology leaders to identify the control gaps.
- Act as an SME for risks and controls applicable to the operations performed by the function.
- Maintain strong working relationship with the stakeholders.
- Review and fine-tune the policies and processes in line with industry best practices.
- Track all risks identified by the various control functions and ensure their closure within the defined timelines.
- Prepare and maintain risk heat map and risk registers.
- Build the team and mentor the team members.
Required Skill
- Excellent executive-level communication skills
- Ability to maintain strong working relationships with team members and to motivate them to achieve the goals and objectives of the function
- Self-starter and decision maker with strong analytical skills
- Knowledge of the following areas, with a solid understanding of the Risk Management Lifecycle:
  - Application Security
  - Data Security
  - Identity Access Management
  - Cloud risk management
- Sound domain knowledge in risk assessment and treatment, and exposure to standards such as ISO27001, PCI-DSS, NIST Control, etc.
- Knowledge and understanding of security incident response aspects is desirable
- Ability to negotiate with people to align them towards closure of IT risks and issues
- Proficient in preparation of reports, dashboards, and documentation
- High-level knowledge of and experience with technology in general
Performance Parameters
- Tracking and closure of risks and audit actions
- Ensure all risks and issues are tracked and updated on a weekly basis along with the closure timeline.
- Ensure all risks are tracked and closed within the defined timelines.
- Ensure the average aging of open risks does not exceed 30 days.