2 Risk Environment Jobs

Understand and analyze business setting from an information security perspective Perform risk assessments on complex applications, vendors, processes and projects from an information security perspective Identify security gaps, evaluate options for remediation, define and implement check points and compensating controls. Provide sufficient information related to the business context, information sensitivity and nature of usage of an application, including identification and implementation of controls for identified Information Security risks in their area of responsibility To cooperate with the D-ISO D-CISO to address requests for policy interpretation, guidance and advice, to ensure creation of divisional policies in accordance with the IS Policy Governance and to support policy authors by raising questions to the policy advisory team Present assessments results and options to the business and discuss steps for resolution. Initiate and track risk acceptance process if required. Analyze and redesign access management processes (request and approval). Define and implement Segregation of Duties rules (details outlined below) Identifying applications and roles which allow access to PSI and assess appropriateness of access controls. Review of roles and application role concepts. Support on inquiries from internal and External Audit, regulators and clients. Advisory and support projects on information security questions. Advisory vendor relationships. Interact with and educate the business on information security risks and controls and handling sensitive data. Assist in assessing and determining appropriate controls on unstructured data hosted on internal and external data rooms. Conduct information security awareness sessions for stakeholders in CB. Assist in designing and implementing control framework for third party applications. Analyze the root cause for delays or incorrect processing and propose sustainable solutions Generate MIS for multiple IS topics and to assist senior management identify risks Support the wider D-CISO office where required including any adhoc analysis and presentations The Segregation of Duties (SoD) Manager acts as the single point of contact for the Divisions or Functions or other stakeholders with regard to any SoD related questions or issues in their area of responsibility. Key responsibilities of the SoD Manager comprise: To design and implement SoD Rules (for applications) in close collaboration with the ISO as well as other SoD Managers or stakeholders who may be affected by these rules. This includes the regular review of these rules and any necessary amendments To assess and remediate any SoD violations detected within their area of responsibility by either revoking inappropriate access or ensuring adequate compensating controls or exception handling procedures To assess the impact of inappropriate access on business operations and identify if there are indications for improper use of this access To act as the single point of contact for the Divisions or Functions or other stakeholders with regard to any SoD related questions or issues in their area of responsibility Liaise and coordinate with Central SoD Governance team and attend SoD forums Special Projects support on ongoing remediation projects. Your skills and experience Skills Profile: Experience as IT and/or IS analyst ideally in a Corporate Banking environment Proficiency in Microsoft Office applications (Excel, PowerPoint, Word, etc.) Excellent communication skills in English (verbal and written) with ability to articulate engage with Senior management stakeholders (a must) Strong analytical skills and ability to transform complex issues into efficient solutions Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs. Management Skills: Strong operational and people management skills, including the ability to operate within a diverse team. Excellent partnering skills and stakeholder management. The ability to successfully navigate a complex organisation, build strong relationships and work collaboratively with business and management teams and with other control functions. Comprehensive management leadership skills, including the ability to motivate teams through demonstrable commitment to CB and DBs success. Experience/qualifications: Good university graduate or post-graduate degree with Information Security, Risk Management and Governance Prior experience in a risk environment (e.g. in BISO, ORM, Audit, Data Privacy) Good understanding of major business and operational risk processes. Certifications such as ISO27001-LA/LI, CISM, CISSP etc. Experience in banking industry with a strong sense of accountability and integrity Advanced presentation/interactive skills sufficient to convey complex conceptual information /ideas on issues requiring interpretation and opinion. Desire to work in a fast paced, challenging multi-cultural environment and with ability to work in a global team Self-motivated, critical thinking and good understanding of major business and risk processes.

You will be responsible for planning, implementing, coordinating, and executing all phases of SOX testing compliance process. This includes leading walkthroughs, identifying/validating key controls, developing testing procedures, executing and documenting testing, and reporting results to management. You will also manage updates to process documentation and control matrices for existing SOX processes, as well as assist in the preparation and review of documentation for new processes. In this role, you will perform reviews over SOX deliverables of junior resources to ensure work paper documentation standards are consistent with quality expectations. Building relationships with key stakeholders and leveraging those relationships to influence process/internal control enhancements will be crucial. You will also coordinate with external auditors to align on testing approach and drive SOX testing reliance strategy. Additionally, you will partner with stakeholders to consult on remediation conditions for SOX control deficiencies and perform independent validation of management's action plans for issue closure. Ensuring quality and timeliness of deliverables, including conclusions on control effectiveness and impact of control deficiencies, will be part of your responsibilities. As a key contact person for all internal and external groups on matters related to SOX and internal controls, you will play a critical role in the organization. Collaborating with technology leads to identify automation opportunities for SOX planning and testing activities will be essential. You will also need to identify opportunities to implement data analytics in SOX testing by leveraging knowledge of the risk environment and interdependencies within multiple business processes. Through ad-hoc advisory engagements, you will consult closely with business units to share risk considerations as they undergo strategic projects. Additionally, promoting staff development through real-time coaching and feedback will be a key aspect of this role. If you meet the qualifications and are interested in this opportunity, please share your resume on anuja_chodankar@ajg.com.,