Central Risk Governance Program Manager, AVP

Job Title: Central Risk Governance Program Manager , AVP

Location: Pune, India

Role Description

• We are looking for a specialist to join the newly formed Central Risk Governance (CRG) function within CB Tech Risk and Control to support governance and oversight of IT/ IS Risk and Control risk remediation and findings related Book of Work.
• For IT/ IS Risk and Control risk remediation BOW, this involves facilitating clear scope definition of control programs, facilitating training of the control landscape where required, ensuring commitment for proactive remediation of IT/IS risk across CIO aligned delivery teams, monitoring and reporting progress, escalating risks/issues/blockers for resolution. Hands-on technical data analysis and recommending control process improvements where required to help ensure overall ensuring technology and security controls are implemented effectively and sustainably.
• For Findings related BOW, this involves liaising across the CB Tech organization and with Group Audit to ensure all responses to GA are addressed on time and with completeness and accuracy at critical points of the finding lifecycle. Hands-on technical data analysis and contributing design ideas for new dashboards and governance process improvements to help ensure the broader organization meets its findings related objectives.

You will work as part of a cross-functional agile delivery team. You will bring an innovative approach to software development, focusing on using the latest technologies and practices, as part of a relentless focus on business value. You will be someone who sees engineering as team activity, with a predisposition to open code, open discussion and creating a supportive, collaborative environment. You will be ready to contribute to all stages of software delivery, from initial analysis right through to production support.

Your key responsibilities

As Central Risk Governance Program Manager, your efforts will be concentrated in one of the two focus areas below. You will be part of a team of CRG Program Managers who are cross trained in both CRG delivery areas to ensure sufficient coverage.

Findings Management Delivery:

You will partner with CB Tech Audit Management and Advisory (AM&A) group and CRG Program Leadership to ensure visibility and governance over all finding related priorities and improve CRMG outcomes:

• Partner with Audit Management and Advisory (AM&A) group to design and deliver improved dashboards to track findings remediation and progress towards CRMG targets at CIO-1 and below.
• Replicate CB Tech Cash Management Transformation & Governance findings delivery management best practices across Non-Cash portfolios (e.g, monthly health check calls, oversight over monthly status updates and other GFMS data hygiene).
• Conduct hands-on technical data analysis and designing new reports, processes, and tooling improvements to improve sustainability and efficiency of overall governance findings LCE documentation through the internal workflow steps.
• Partner with CRG Risk Governance Program Manager for IT/IS Controls to ensure clear tracking visibility of inter-linkages with audit findings or self-identified issues with BAU IT/IS control remediation JIRA items.
• Ensure overall data quality of findings related JIRAs feeding into senior management dashboards.
• Partner with Audit Management and Advisory (AM&A) group and Control Uplift SMEs to document to develop improved procedural documentation and training materials around finding LCE documentation e.g., deliverables of what good evidence looks like to reduce wasted cycles of evidence production.

Information Technology/Information Security Controls Delivery Program:

You will partner with CIO aligned Agile delivery teams, Control Uplift SMEs and CRG Program Leadership to ensure overall risk priorities are delivered per defined targets.

• Ensuring clear scope definition of Information Technology/Information Security Controls control programs, facilitating additional training of the control landscape where required
• Ensuring the timely capture, transparency and accountability of commitment dates from CIO aligned teams, monitoring and reporting progress.
• Providing regular status reporting and escalating risks/issues/blockers for resolution
• Conducting hands-on technical data analysis and recommending control process improvements, where required, to help ensure overall ensuring technology and security controls are implemented effectively and sustainably.
• Ensuring appropriate tagging of risk and control prioritization and clear tracking of inter-linkages with audit findings or self-identified issues
• Ensuring overall data quality of Information Technology/Information Security Control remediation related JIRAs feeding into senior management dashboards
• Overall ensuring Information Technology and Information Security risk remediation programs are initiated and executed in line with Deutsche Bank Risk and Program standards. Also will work with policy owners and control owners to improve processes and tooling.
• Overall Working with the control teams to identify and resolve potential issues in Information Technology and Security control design. Identify and resolve implementation issues. Suggest effectiveness metrics, ensure control design includes proper evidence, and provide input to the design and effectiveness of centrally provided tooling.

Your skills and experience

Delivery Management /Program Management:

• Must have 5+ years overall IT project management /program management/business management or PMO experience, preferably in banking/financial services or a similarly regulated environment
• Demonstrable experience in managing large stakeholder groups across time zones.
• Must have experience managing multiple projects simultaneously; experience maintaining comprehensive project documentation and proactive risk/issue management.
• Must have advanced verbal and written communication skills to present ideas and concepts effectively.
• Industry standard Project management certification or Agile certification preferred.
• Experience working in an Agile delivery environment practicing Scrum or Kanban (Lean Agile Practitioner) and using JIRA preferred.

Risk and Control:

• Demonstrable familiarity with concepts of Technology Roadmap Compliance, Patching lifecycle knowledge especially Java, Oracle, Disaster Recovery, Secondary Storage, Back Up planning and testing
• Demonstrable familiarity with general Patching concepts and challenges in critical technologies (Java, Oracle, UNIX, etc.), PVG process and CVE advisory process for vulnerabilities
• Demonstrable familiarity on Identity and Access Management, Vulnerability management/Cyber Hygiene best practices, penetration testing
• Experience working in Risk and Control, audit or 2nd Line domain preferred.
• Experience in designing or generating regular IT / IS compliance reports and presentations for senior management preferred.
• Data analysis and reporting skills using industry standard tools including but not limited to excel, tableau or similar preferred.
• Demonstrable familiarity with general Patching concepts and challenges in critical technologies (Java, Oracle, UNIX, etc.), PVG process and CVE advisory process for vulnerabilities
• Demonstrable familiarity on Identity and Access Management, Vulnerability management/Cyber Hygiene best practices, penetration testing
• Experience working in Risk and Control, audit or 2nd Line domain preferred.
• Experience in designing or generating reports and presentations for senior management preferred.
• Data analysis and reporting skills using industry standard tools including but not limited to excel, tableau or similar preferred

How we ll support you

• Training and development to help you excel in your career
• Coaching and support from experts in your team
• A culture of continuous learning to aid progression
• A range of flexible benefits that you can tailor to suit your needs