Opportunity For Technology Risk Manager - SBI Securities

Designation : Technology Risk Manager

Reporting to : Chief Risk Officer

1. Risk Identification and Analysis

• Conduct systematic risk assessments in line with ISO/IEC 27005 and CSCRF, identifying vulnerabilities, threats, and potential impacts on organizational assets.
• Maintain and update a risk inventory, categorizing risks by criticality and likelihood.
• Develop risk scenarios and conduct business impact analyses (BIA).

2. Risk Evaluation and Prioritization

• Apply qualitative and quantitative risk evaluation methods to prioritize risks.
• Align risk evaluations with organizational objectives, compliance requirements, and the business risk appetite.
• Engage with stakeholders to validate and refine risk prioritization decisions.

3. Risk Treatment and Mitigation

• Design, implement, and monitor risk treatment plans in compliance with ISO 27005.
• Recommend appropriate controls from frameworks like ISO/IEC 27005 Annex A, NIST CSF, or industry best practices.
• Ensure alignment with CSCRFs risk response strategies (acceptance, avoidance, mitigation, or transfer).

4. Continuous Monitoring and Reporting

• Develop and implement Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to track the effectiveness of risk management processes related to technology and cyber security.
• Continuously monitor emerging risks, threat intelligence, and changes in the threat landscape.
• Prepare comprehensive risk assessment reports for leadership and regulatory bodies.

5. Incident Response and Recovery

• Collaborate with incident response teams to manage technology risk events effectively.
• Conduct root cause analyses and update risk registers post-incident.
• Support the enhancement of business continuity and disaster recovery plans (BCP/DRP).

6. Governance, Compliance, and Framework Adoption

• Embed CSCRF and ISO 27005 principles into the organizations overall risk management strategy.
• Ensure compliance with regulatory requirements (e.g., GDPR, RBI IT Guidelines) and internal policies.
• Coordinate with internal audit teams to support risk-related assessments.

7. Awareness and Training

• Develop and deliver training programs on risk management principles, CSCRF, and ISO/IEC 27005.
• Collaborate with business units to foster a culture of risk awareness and accountability.

Competencies Required :

Technical Skills

• Strong understanding of CSCRF and ISO/IEC 27005 frameworks, including risk management lifecycle processes.
• Knowledge of ISO 27001 controls, NIST Cybersecurity Framework (CSF), and COBIT.
• Proficiency in risk assessment tools and methodologies (e.g., FAIR, OCTAVE).
• Familiarity with BFSI-specific regulatory frameworks and compliance requirements.

Soft Skills

• Excellent analytical and problem-solving skills for identifying and addressing complex risks.
• Strong communication and collaboration skills to engage with stakeholders across business and IT functions.
• Leadership abilities to drive risk management initiatives and build cross-functional team co-ordination.

Education :

Qualification

Relevant certifications: CRISC, CISSP, ISO/IEC 27005 Certified Risk Manager, CISM, or

equivalents.

Relevant

Interested candidates can share resumes on ruchi.kedia@sbicapsec.com