IT Risk Specialist - Immediate Joiners only

Greetings from SmartStream Technologies India Pvt. Ltd. !

Job Type - Office working (Hybrid)

An IT Risk Specialist is responsible for identifying, assessing, and mitigating potential risks to an organization's information technology systems and data. They ensure the security, privacy, and integrity of IT infrastructure while adhering to relevant regulatory standards and industry best practices.

? Monitor industry compliance (PCI-DSS, ISO 27001, SSAE, NIST) requirements and cyber security trends.

? Review cloud security solutions with respect to PCI and Cloud Security Attestation (CSA).

? Support the PCI Network, IT Infrastructure and Applications with security solutions, that offers SaaS OnDemand platform to card customers.

Job Responsibilities

? Develop a master control list, including clearly written failure points and testing procedures that effectively address the security, risks, controls, and compliance issues.

? Identify and assess risks related to IT systems, networks, and data.

? Perform risk assessments and vulnerability assessments for technology infrastructure and processes. Prioritize risks based on their potential impact on the business.

? Assist with documenting and regularly reviewing security policies, processes, and procedures.

? Ensure compliance with industry standards, regulatory requirements, and internal security policies.

? Conduct periodic IT security review, firewall configurations review of PCI environment.

? Oversee the identification, investigation, and response to IT security incidents and breaches.

? Conduct post-incident analysis to determine root causes and recommend improvements.

? Review IT security controls required for cloud security, ISO 27017, ISO 27001, C5, CSA, SSAE etc.

? Perform Risk assessment of client environment and hosted SaaS offerings.

? Perform internal assessment on client IT security and compliance requirements.

? Perform ad hoc audit projects responding to emerging risks and management requests.

? Act as the primary contact between technical teams, internal and external auditors; compiling and preparing artefacts.

? Respond to customer RFPs and RFIs on PCI and Cloud security deliverables.

? Conduct relevant contract reviews regarding PCI compliance and IT security requirements.

? Partner with procurement on the 3rd party risk management program.

? Senior management reporting on the Audit observations.

Key Skills

Ability to multi-task, prioritize tasks in a rapidly changing environment

Good exposure of IT infra and Cloud hosting.

Flexibility to work global hours with limited in-country travel

Client Focus, Priority setting, Integrity and Trust

Analytical with good problem-solving skills

Strong interpersonal and influencing skills; Excellent Stakeholder engagement

Proven ability to communicate effectively at all levels

Excellent communication and presentation skills

Self-starter and strong motivator

Ability to identify hot spots and quickly assess the impact and provide tactical and strategic controls

Can operate effectively in a dynamic environment with tight deadlines, and can prioritize one's own work to achieve them

Desirable Skills

Flexibility to work global hours with limited in-country travel

CISA, CISSP certification is a plus.

Relevant business knowledge in fintech would be well regarded.

Agile experience is a Plus.

Qualifications

Graduate or above from an accredited College or University (or equivalent)

Experience

10-15 years in IT security audit in an investment / commercial bank or fintech environment.

Knowledge IT risk management.

Knowledge of IT infrastructure and application is a must.

Knowledge of SDLC, STLC and bug life cycle

Employment Type

Permanent

Benefits

Competitive salary

Open work culture

Smart casual dress code

Health insurances

Office in prime location