Position Purpose
Purpose:
The requirement below is for the ORO-IT Officer role, which is part of the Risk ORM, ORO-IT team and will be responsible for assisting with the management and execution of the bank's IT risk management function within the 2nd Line of Defense.
Scope: Group/Global
Responsibilities
Direct Responsibilities
Conduct ICT risk assessments across Company in accordance with Group RISK ORM ICT standards and policies
Independently perform and contribute to independent risk assessment testing activities, carried out by the global teams as mentioned below:
Application & Infrastructure Risk Assessments – Working with the Business and Technology teams to identify security issues in existing and new systems, and agree corresponding actions to mitigate or accept risks. Tracking issues and agreed actions to completion.
Horizontal Risk Assessments – Assessing technology risks in relation to a particular theme or technology across the organization. Examples could be assessments of the firewall change process, applications processing >$5m per day, applications hosted in the cloud, etc.
Vertical Risk Assessments – Assessing risks to a product, service, technology or infrastructure. For instance we may complete a vertical assessment on our remote working solution (including Infrastructure, applications, data, threats etc.) or our Internet connectivity.
ICT GCP (Generic Control Plan) testing – Perform Generic controls testing to determine the performance and operational effectiveness of controls and develop detailed reports documenting the gaps identified and recommendations for improvement.
Maturity Assessments – Conduct technical and process based analysis of maturity of ICT controls across Company Group entities.
Partner with Business and Technology teams in helping them understand their technology risk profile and influencing their risk management decisions.
Contribute to the industrialization of RISK ORM, ORO-IT services by development of methodologies / tools for the achievement of assignments.
Work in collaboration with other stakeholders from business and other RISK ORM teams to contribute towards influencing the ICT risk culture and reporting the risk status to the Company Board and senior management.
Contributing Responsibilities
Perform technical and process based ICT risk assessments in partnerships with regional / global stakeholders.
Support the oversight, check & challenge and reporting on the performance and operating effectiveness of ICT / IT controls across Company entities, with a focus on high risk areas and critical business operations
Provide subject matter expertise where required to business and technology teams in helping them understand their technology risk profile and influencing their risk management decisions.
Contribute to the industrialization of ORO-IT services by development of methodologies / tools for the achievement of assignments.
Regularly and proactively monitor global events / incidents to determine new emerging risks areas and propose improvements to the risk assessment approach / processes.
Establish and maintain relationships with RISK ORM, RISK ORM ORO-IT and Company entity stakeholders.
Build and establish networks and relations with other key internal stakeholders (i.e. Global Security Operations, HR, Facilities, Legal, and Internal Communications).
Support the development and implementation process for validating effectiveness of the ICT controls
Risk Management Environment:
Identification & assessment: Ensure that the identification and assessment of operational risks are effectively done across the organization by correlating input from Audit Findings, Internal Loss Data Collection & Analysis, External Data Collection & Analysis, Risk Control Self Assessments, Business Process Mapping, KPIs & KRIs, Scenario Analysis, and Quantified Measurement & Comparative Analysis.
Monitoring & Reporting: Implement a process to regularly monitor operational risk profiles and material exposure to losses and provide appropriate reporting mechanisms to the board, senior management and the business lines. Data capture and operational risk reporting should be continuously enhanced and provide a feedback loop to enhance risk management policies, procedures and practices.
Control & Mitigation: Improve the effectiveness of the Internal Controls programme by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities. Assess operational risk response strategies. Validate risk transfer options.
Technical & Behavioral Competencies
Essential
Demonstrated passion towards uncovering control weaknesses in processes and technology.
Results-oriented and strong teammate with excellent analytical, problem solving skills. Outstanding presentation, written and verbal communication skills.
Knowledge of compliance standards like CIS, NIST and GDPR, with high-level knowledge of secure development practices and standards such as OWASP.
Proficiency in concepts related to network infrastructures, information system security including emerging threats and attack methodologies, in particular:
Network security, network equipment configuration, network protocols, network standards, supervision, “Conceptual Skills,” “Decision Making,” “Informing Others,” functional and technical expertise, reliability, information security policy.
Recognized skills for the integration of different security or data protection technologies within a coherent architecture to effectively cover the risks of the company.
Good technical understanding of security technologies, including intrusion detection/prevention, correlation of events, firewall, antivirus, anti-spam, policy tightening, patch management and configuration management, audit, security development technique, etc.
Knowledge of cryptographic standards for encryption, electronic signature, key management infrastructure (PKI).
Conversant with native Platform or Common applications such as (non-exhaustive list): UNIX, Linux, Windows, Oracle, MS SQL, Microsoft Outlook, J2EE and .NET applications…
Knowledge of IT Risk and Control Evaluation
Specific Qualifications (if required)
3 years of experience in risk assessment / controls testing / technical assessments, preferably in the areas of Cyber and Technology domains in a financial institution.
Must be able to interface and coordinate work efficiently and effectively with business partners.
Excellent communication and influencing skills, including ability to articulate complex issues and incorporate feedback.
Good listening and analytical skills – being able to come to a thoughtful and business focused conclusion quickly.
Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate.
Adapting personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done.
Being rigorous and thorough – especially when logging and tracking issues through to conclusion.
Ability to manage their workload so as to meet the realistic targets and priorities set in conjunction with management.
Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business.
Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate.
Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework.
Team player – focus on the success of the whole team. Working well both with others, as well as individually.
Preferred Qualifications / Certifications:
University degree and/or certification such as CISSP, CISA, ITIL, CISM or CRISC.
Professional qualifications relevant to Risk Management, Information Security and securing emerging technologies such as cloud, mobile, product development lifecycle.
Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements.
Is self-aware, anticipates problems, adapts and meets them head on.
Strong stakeholder management, relationship building, influencing, facilitating and presenting skills.
Is solutions focused – measures their output on whether issues, problems or challenges are resolved as a criterion for success.
Skills Required
IT Risk Management; risk officer; cyber security; risk security; data security
Location
Mumbai
Years Of Experience
3 to 7 Years