Specialist-Risk Management

Job Purpose:

• Run the IT Risk Management Framework for the Bank as the first line of defense
• Identify, assess, and support mitigation of technology risks
• Review, update, approve, and publish IT Policies and Procedures (ITPP) periodically and manage process automation projects
• Collaborate with stakeholders to integrate risk management principles into processes
• Develop and foster a culture of risk awareness across the organization

Job Responsibilities:

Risk Management First Line of Defense

• Provide guidance in development, implementation, and communication of risk-related policies and standards
• Collaborate with IT verticals to identify technology risk issues and ensure conformance with standards and processes
• Partner with the second line of defense to support consistency in processes, assessments, action plans, and escalations
• Define risk indicators, performance indicators, risk metrics, and provide risk acceptance documentation for a holistic IT risk posture
• Benchmark IT controls against global frameworks (COBIT, ISO, COSO) and address identified gaps
• Conduct IT process maturity assessments based on benchmarking
• Assist with technology risk reporting operations, including scheduling meetings, monitoring milestones, escalating past-due activities, problem triage, and archiving artifacts for audits
• Develop ongoing technology risk reporting, monitor trends, and define metrics to measure control effectiveness
• Provide timely updates to address IT risk issues
• Promote technology and operational risk awareness
• Stay current with technology risk management techniques, industry best practices, and regulatory requirements

Risk & Control Self-Assessment (RCSA)

• Drive the RCSA program for IT policies, procedures, and applications
• Collaborate with IT verticals and ITDRM to design and implement the RCSA program
• Conduct RCSA awareness workshops for process/sub-process owners to explain framework requirements, benefits, risk/control identification, testing methodology, documentation, and roles
• Identify and assess risks (severity, impact, likelihood) and controls (classification, design, implementation)
• Identify, measure, and report metrics
• Test design and operating effectiveness of controls and assess residual risk
• Work with process owners to develop Risk Treatment Plans (RTP) and govern their implementation
• Annually review and revise RCSA content for relevance
• Ensure RCSA alignment with IT policies and procedures
• Conduct periodic testing of risks and controls for continuous risk assessment
• Identify new/emerging risks and control changes, updating RCSA continuously
• Support development of the Bank's operational risk framework, ensuring conformance for technology risk
• Liaise with IT functional and technical teams to identify critical applications for control testing and create a self-assessment framework
• Collaborate with the second line of defense for RCSA execution
• Create and maintain IT Risk Register, monitor residual risk, and track RTP implementation

Risk Reporting

• Drive implementation of the Technology Risk Framework
• Identify, monitor, maintain, and improve the control stack for technology risk, including documentation of Key Risk Indicators (KRIs)
• Conduct quarterly KRI assessments for the ICAAP Framework to ensure residual risk is within approved thresholds, performing root cause analysis and corrective/preventive actions
• Report KRIs, root causes, and remediation for breaches to Risk Governance committees
• Follow up with IT verticals to ensure mitigation actions are implemented and report delays to management
• Conduct weekly problem review meetings with IT verticals and TMAC-Quality to identify root causes, develop remediation plans, and reduce high-risk KRIs
• Track open KRIs and action items from risk committee meetings
• Automate risk reporting, including KRIs and dashboards

Other Responsibilities

• Review IT Policy and Process periodically with process owners
• Work with stakeholders on ITPP for new/emerging technologies
• Maintain a comprehensive ITPP repository with version history and change tracking
• Track and report Key Performance Indicators for ITPPs, addressing threshold breaches
• Benchmark ITPP against global frameworks (COSO, COBIT, ISO) and conduct gap/maturity assessments
• Work with process teams to close identified gaps
• Lead internal and external audits, responding to IT process-related audit requirements
• Manage and govern the IT application inventory
• Maintain and enhance guidance documents, execution templates, and report designs
• Collaborate with L&D to identify IT employee training needs, launch ITPP training programs, and ensure adherence
• Work with the Quality team on quality initiatives using a PDCA continuous improvement model
• Perform other assigned duties

Educational Qualifications & Key Skills:

Education

• Graduation in Information Technology, BTech, BE, or BCA
• Relevant certifications in Technology Governance, Risk & Compliance frameworks (e.g., CISA, COBIT, ITIL) preferred

Key Skills

• Strong understanding of IT systems, cloud infrastructure, and emerging technologies
• Proficiency in risk management tools and techniques
• Excellent communication skills
• Analytical and problem-solving abilities
• Proactive and detail-oriented
• Team collaboration and stakeholder management abilities
• Adaptability in a rapidly evolving IT landscape

Experience Required:

• Minimum 11+ years in IT risk management
• Exposure to banking preferred
• Proven experience with IT governance frameworks, regulatory compliance, and risk assessment tools