Posted: 13 hours ago
Platform:
On-site
Full Time
POSITION DESCRIPTION

JOB TITLE: Lead – IT Risk & Business Continuity
GRADE: VP-I
DEPARTMENT: Risk
LOCATION: HO
SUB-DEPARTMENT: IT Risk
TYPE OF POSITION: Full-time
REPORTS TO Chief Risk Officer (CRO)/Head Ops RISK REPORTING INTO Manager – IT Risk

ROLE PURPOSE & OBJECTIVE
(A two to three line statement outlining the objective or the reason for which the job exists. What would not get done in the organization if this role did not exist?)

Oversee and drive technology risk management focusing on application, infrastructure, availability, reliability and disaster recovery processes.
Drive the business continuity program of the organization as per the BIA (Business Impact Analysis).
Lead the third party risk management process in alignment with the organization's outsourcing policy.
Responsible for monitoring and managing the overall IT Operational Risk posture of the bank.
Responsible for conducting root cause analysis on critical IT incidents and implementing preventive measures.
Responsible for reviewing the RBAC (Role Based Access Control) and ensuring that user access review is conducted for the critical applications at the defined frequency as per the User Access Management Policy.
Work with IT to minimize recurring instances of gaps in system implementation that result in customer service issues.
Perform annual/semi-annual review of technology, BCP and outsourcing risks in a structured manner for internal and external (RBI-ICAAP) reporting.

SIZE OF THE ROLE
(Mention the financial number as applicable for the role. Few examples given below)
(Mention the non-financial number as applicable for the role. Few examples given below)

FINANCIAL SIZE
Budget related to business continuity, Information Technology General Control (ITGC)

NON-FINANCIAL SIZE
Team of 3-4 managers and 2-3 specialists
Regular interaction with internal stakeholders – Business heads, IT Solution Delivery heads, IT Application Service Management heads, IT Governance head, Head Digital Banking, Principal Nodal Officer, National Manager – Compliance, National Manager – Legal, National Manager – CPMT, Head Alliance and Electronic Payments.

KEY DUTIES & RESPONSIBILITIES OF THE ROLE
(These responsibilities are representative and the role holder is also responsible for any other job assigned by the superior authorities from time to time. This section is not intended to be an exhaustive listing of all activities done by the role holder. It should capture only the key deliverables and responsibilities of the role)

Business/ Financials
Design, develop and maintain the technology risk and general control framework by incorporating relevant standards and good practices such as ITIL, COBIT, ISO and NIST.
Drive design effectiveness assessments and operational effectiveness testing for controls and key risks mapped to technology threat vectors.
Oversee development, review and maintenance of the business continuity framework and plans for organization resilience during disruptive events.
Ensure annual Business Impact Analyses (BIA) are carried out to develop and maintain business continuity recovery strategies.
Drive evaluation of potential risks associated with emerging technology, new projects and system changes.
Continually improve the quality of risk management through evaluation of IT operations processes like change management, patch management, incident management, backup and disaster recovery.
Manage third party Technology and Operational risk management for all third parties by identifying, evaluating and reporting risks in their environment.
Ensure comprehensive risk assessments and controls testing are conducted in alignment with the enterprise risk framework.
Articulate, monitor and measure Technology and Operational Risk through appropriate assessments, Key Risk Indicators (KRIs), Enterprise Risk Indicators (ERI) and by developing appropriate responses to address changing business needs and control requirements.
Set and manage strategic development and tactical implementation of compliance plans for Technology and Operational Risk.
Drive continuous improvement in organization resilience by monitoring business continuity drills, recovery objectives and strategies.
Perform annual/semi-annual review of technology, BCP and outsourcing risks in a structured manner for internal and external (RBI-ICAAP) reporting.

Customer (Both Internal & External)
Drive business continuity or resiliency preparedness for the organization.
Support business continuity of customer services during disruptive events.
Collaborate with stakeholders involved in the business, control and support functions.
Support the stakeholders in gathering information and preparing for all tech risk related reporting and meetings, i.e. internal and external audit, regulatory interaction, etc.
Document and report IT risks and business continuity issues to the Chief Risk Officer (CRO), management committees and other stakeholders.

Internal Process
Evaluate policies, standards, processes and procedures for completeness and recommend enhancements.
Ensure user access reviews of all business applications, servers, security and networking devices are conducted on a periodic basis.
Drive post incident analysis along with impact assessment for downtime of IT applications and services.
Ensure Business Continuity Plans (BCPs) are periodically reviewed, tested and updated to reflect changing needs and lessons learned.

Innovation & Learning
Disseminate IT Risk policies, procedures and guidelines to all concerned and educate the organization on them.
Build and monitor manpower with sufficient knowledge, experience, professional qualifications and appropriately skilled resources to deliver as per the plan to meet the organization's objectives.
Monitor the knowledge levels and identify skills gaps of the team and put in place a continuous training program to update their knowledge and skills.
Prescribe various learning interventions for the organization based on patterns of risk, regulatory requirements and the needs of the organization.
Stay knowledgeable of laws, rules, regulations and current trends in all areas of Technology Risk and Business Continuity.

MINIMUM REQUIREMENTS OF KNOWLEDGE & SKILLS

Educational Qualifications
Bachelor’s Degree in Computer Science or Information Technology OR Post-Graduation or master’s degree in Computer Science/ Computer Application

Experience Range (Years and Core Experience Type)
Mandatory experience of 14 to 20 years in Technology Risk Management, IT Governance & Business Continuity
Desired experience of 7 to 10 years in the Banking Industry
Good understanding of industry best practices in technology risk frameworks such as National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), ISO 22301, Information Technology Infrastructure Library (ITIL), IT Act, RBI guidelines on IT risk and governance, audit frameworks and best practices.
Sound knowledge in the domains of IT Operations, IT Service Management, Business Continuity, Cloud, IT applications & infrastructure at the organization level.
Good exposure to risk assessment including third party risk assessment.
Strong Project Management skills

Certifications
Certifications such as CISM, CISA, CGEIT, ISO 22301 will be an added advantage

Functional Skills
Sound computer knowledge (MS Office, Outlook, MS PowerPoint) / Ease of technology usage
Basic knowledge of Banking Industry, Banking IT applications
Enterprise Risk Management, Operational Risk Management and Business Continuity
Ujjivan Small Finance Bank
Banking and Financial Services
Over 2,500 Employees
125 Jobs
Bangalore Urban, Karnataka, India
Salary: Not disclosed