IT Risk & Control, AVP

Job Description

: Job Title IT Risk & Control, AVP LocationMumbai, India Role Description The IT Risk and Control Analyst provides data analysis, identifies and evaluates potential areas of non-compliance or risk, assessing impact, probability and defined risk tolerance and presents findings and proposals for risk mitigation measures. The Divisional Regulatory, Risk and Control Analyst is responsible for supporting the delivery of the risk and control initiatives. This includes participation in risk and control activities, risk-based control reporting of key issues, performance and validation of cyclical activities such as annual control self-assessments. It may also include control testing, incident research, remediation and other ad hoc control initiatives and projects. Working closely with teams in and out of the division to understand risks impacting the group. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement Understand complex business and information technology management processes Assist in the selection and tailoring of approaches, methods and solutions to support service offering or industry projects Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services Ensure application & vendor compliance to DB IT security policies & procedures Responsible for audit on Vendor Risk Management compliance & approvals within the bank. Ensuring compliance of application penetration testing and co-ordinating with CISO & application vendor team to ensure tracking and closure of open risk points within the application Ensuring completion of Risk Assessment and Compliance Evaluation of Applications in co-ordination with the IT application owner. Single point of contact for internal/external/regulatory Retail IT Audit compliance. Periodically conduct individual IS reviews to identify IT risks. Responsible for IT Vendor information security audit scope and execution to be conducted by -external IS vendors. Responsible for demonstrating continuous improvement in state of monitoring of information security events. Responsible to timely reporting and resolution of security incidents to IT management teams. Enabling automated log aggregation, correlation, and analysis through ArcSight tool with the help of IT application vendor. Your skills and experience Bachelor of Science or Bachelor of Engineering + MBA equivalent from an accredited college or university (or equivalent) 10-14 years experience in the field of Information Technology/ Information Security (preferably Bank Retail application technology) Experience in the field of Information Security / SOC / Incident Response / Incident Forensics Domain knowledge in the Banking & Financial Payments industry Good written and spoken communication skills A working knowledge of most aspects of information security is essential, as is the ability to apply this knowledge in an open network environment Information Security technical Certifications such as CEH, ECSA, CISA, CISSP etc. Strong working knowledge of various security technologies including architecture, incident management, and forensics. Experience or technical knowledge in financial environments is a plus Professional level of English How well support you