Regulatory Cybersecurity & IT Risk Validation Analyst

Job Purpose:

The purpose of this role is to review the design and execution of the Regulatory Cyber Security & Information Technology (CSITE) Key Risk Indicators (KRIs) & Risk Based Supervision (RBS) data points.

Job Background/Context:

The organization is required to report 337 data points for CSITE KRIs & RBS on a quarterly basis to the regulator. These data points are primarily owned (95%) by Technology, CTI & CSI, with the residual by multiple other functions. To ensure accuracy, an independent validation is required for a substantial percentage (expected 50%) of the KRIs prior to submission, and the remainder post submission. This requirement is mandated by the IT Strategy Committee (Regulatory Mandate Committee) as well as by Audit. Since the submission deadline is typically three weeks after every quarter-end, and data is available only post quarter-end (most by the 15th of the preceding month), additional resources are required to complete the validation in line with expectations.

Key Responsibilities:

• Coordinate with functional SMEs to conduct reviews, monitor requested data aggregation, and prepare validation plans.
• Review Standard Operating Procedures (SOPs) for reporting data points and recommend enhancements.
• Ensure SOPs exist where missing, and update them for process changes.
• Perform quarterly validation of the accuracy of reported data (337 data points) both pre- and post-submission.
• Review validation controls implemented for submissions, and recommend additional controls as appropriate.
• Present validation dashboards, highlighting errors, root causes, and corrective actions.
• Provide management updates via dashboards on validations performed and issues identified.
• Deliver walkthroughs of validations to regulators and auditors as required.
• Maintain organized evidence of all validations in a centralized repository.

Person Specification

Knowledge/Experience

• Essential:

• Minimum 2 years of audit experience in IT & Cybersecurity
• Hands-on experience in IT & Cybersecurity

• Desirable:

• Experience validating CSITE KRIs & RBS reporting
• Experience in audit/validation of regulatory submissions
• Knowledge of compliance rules, regulations, risks, and typologies

Skills (Technical):

• Essential:

  Proficient in MS Office (Excel, Word, PowerPoint), strong verbal & written communication

• Desirable:

  Advanced data analysis and reporting skills

Qualifications:

• Essential:

  Bachelor’s Degree; Chartered Accountant preferred; ICWA acceptable

• Desirable:

  CISA Certification; Project Management Professional

Competencies (Soft Skills):

• Strong stakeholder management
• Effective interpersonal and collaborative skills
• Ability to work independently as well as in teams
• Strong project management and organizational abilities

EEO:

“Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of – Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.”