Job Description
The selected candidate will focus on the following responsibilities/duties:
- Conduct independent risk management reviews and identify control expectations with primary focus on information technology, information security, third party risk management, business resiliency and disaster recovery processes/applications.
- Identify operational risk issues and assign risk ratings consistent with established policies and standards.
- Evaluate the adequacy and effectiveness of applicable policies, procedures, processes, systems and internal controls.
- Perform testing coverage gap analysis on policy requirements for risk types aligned to various operational and technology processes.
- Develop, implement, and support an effective control testing operating model to provide transparency, accountability, and escalation of control effectiveness.
- Create and document control test scripts and testing success criteria, and execute control performance testing as a next step to design effectiveness testing.
- Consult with frontline partners and other independent risk management teams to open issues related to control failures.
- Validate/evaluate appropriateness, completeness, effectiveness, and sustainability of corrective actions taken to address situations defined as issues.
- Review for consistency and thoroughness and suggest improvements for better resiliency.
- Proactively monitor control effectiveness through quantifiable risk measurements.
- Provide mentorship and support as a SME to the team around control framework requirements aligned to technology/information security/third party/business resiliency and disaster recovery control implementation.
- Facilitate stakeholder management and communication across various levels of the organization.
- Prepare and present Risk Assessment reports, status updates and related metrics to the concerned TISRM stakeholders.
Required Qualifications:
- 10+ years of experience in risk assessment, control testing/evaluation and issue management on various technology risks, inclusive of but not limited to, information security risk, third party risk, business resiliency and disaster recovery.
- Industry recognized certification such as CISA/CRISC/CISSP/CISM.
- Working knowledge of the COBIT framework, with an emphasis on measuring control effectiveness and risk assessments, is good to have.
Desired Qualifications:
- Advanced Microsoft Office skills.
- Excellent verbal, written and interpersonal communication skills.
- Strong analytical skills with high attention to detail and accuracy.
- Ability to interact with all levels of an organization.
- Ability to present complex material in a digestible, consumable manner to all levels of management.
Other desirable skills/experience:
- Broad knowledge of operational risks including technology risk and the issues faced by financial institutions today.
- Strong knowledge of enterprise risks, i.e. front office and middle office processes/controls, would be considered an added advantage.
- Proven experience with managing technology risk issues.
- Experience developing risk metrics and trending reports.
- Ability to synthesize data from a variety of sources and deliver results quickly.
- Strong organization and detail-oriented skills, with proven ability to manage and prioritize work to meet deadlines despite frequent interruptions.
- Highly proactive, able to work both independently and within a collaborative team-oriented environment using sound judgment in decision-making.
- Demonstrated ability to work effectively with virtual and/or geographically dispersed teams.