Technology Risk Management

• Working with the technology department to govern, analyze and better understand their risk profile
• Identifying and assessing the impact of technology risk through complex Thematic Reviews/ Risk Assessments and develop mitigation strategies in areas of User Access Management, IT Change Management & SDLC, IT Incident Management, IT Disaster Recovery, IT Project Management, IT Assets, IT Services and Operations, IT Vendor Management etc.
• Review product and process notes for new product launches and technology enhancement in existing systems. Ensuring key risks are identified and relevant controls are documented in Risk Control Matrix (RCM)/Risk Registers
• Review of User Acceptance Testing (UAT) scenarios and test cases for new products/system enhancements and provide inputs for new/additional UAT scenarios for the products
• Updation of technology risk framework used in conducting risk assessments. Review of IT and IS processes and updation of risk registers in the central risk repository
• Facilitate the Risk Control Self-Assessment (RCSA) process for IT and IS processes, highlight key findings and develop a mitigation plan with the process unit
• Proactively managing IT and IS risks so that there are no major incidents, losses, breaches or examples of non-compliance
• Develop on going technology risk monitoring metrics through Key Risk indicator Reporting (KRIs), monitoring and analyzing key trends and defining metrics to regularly measure control effectiveness
• Regularly engaging with internal & external stakeholders on the Banks IT risk posture
• Driving effective implementation & communication of Technology Risk Management policies & guidelines
• Engagement with auditors (internal and external) as per the audit calendar and provide timely and appropriate responses/action plans

Experience and Skills

• 10-15 years of relevant experience
• Expert knowledge of Technology Risk, IT Security and risk discipline and practice
• Graduation in engineering, IT or computer science and/or A Masters Degree in Business with computer skills/ certifications or Masters in Information Systems
• Strong skills in Microsoft Excel and Power Point
• Professional certifications such as CISA, CISSP, CISM, CRISC, ISMS, CCNA or equivalent are preferred
• Knowledge of regulatory guidelines, frameworks and alignment with banking policies and processes