The selected candidate will focus on following responsibilities/duties –

• Conduct independent risk management reviews and identify control expectations with primary focus on information technology, information security, third party risk management, business resiliency and disaster recovery processes/applications.

• Identify operational risk issues and assign risk ratings consistent with established policies and standards.

• Evaluate the adequacy and effectiveness of applicable policies, procedures, processes, systems and internal controls.

• Perform testing coverage gap analysis on policy requirements for risk types aligned to various operational and technology processes.

• Develop, implement, and support an effective control testing operating model to provide transparency, accountability, and escalation of control effectiveness.

• Create and document control test scripts, testing success criteria and executing controls performance testing as a next step to design effectiveness testing.

• Consult with frontline partners and other independent risk management teams to open issues related to control failures.

• Validate/evaluate appropriateness, completeness, effectiveness, and sustainability of corrective actions taken to address situations defined as issues.

• Review for consistency and thoroughness and suggest improvements for better resiliency.

• Proactively monitor control effectiveness through quantifiable risk measurements.

• Provide mentorship and support as a SME to the team around control framework requirements aligned to technology/information security/third party/business resiliency and disaster recovery control implementation.

• Facilitate stakeholder management and communication across various levels of the organization.

• Prepare and present Risk Assessment reports, status updates and related metrics to the concerned TISRM stakeholders.

Required Qualifications:

• 10+ years of experience in risk assessment, control testing/evaluation and issue management on various technology risks, inclusive of but not limited to, information security risk, third party risk, business resiliency and disaster recovery.

• Industry recognized certification such as CISA / CRISC / CISSP/CISM.

• Good to have working knowledge of COBIT framework with an emphasis on measuring control effectiveness and risk assessments.

Desired Qualifications:

• Advanced Microsoft Office skills.

• Excellent verbal, written and interpersonal communication skills.

• Strong analytical skills with high attention to detail and accuracy.

• Ability to interact with all levels of an organization.

• Ability to present complex material in a digestible, consumable manner to all levels of management.

Other desirable skills experience

• Broad knowledge of operational risks including technology risk and the issues faced by financial institutions today.

• Strong knowledge on enterprise risks, i.e.front office and middle office processes/controls would be considered as an added advantage.

• Proven experience with managing technology risk issues.

• Experience developing risk metrics and trending reports.

• Ability to synthesize data from a variety of sources and deliver results quickly.

• Strong organization and detail-oriented skills, with proven ability to manage and prioritize work to meet deadlines despite frequent interruptions.

• Highly proactive, able to work both independently and within a collaborative team -oriented environment using sound judgment in decision-making.

• Demonstrated ability to work effectively with virtual and/or geographically dispersed teams