Key Accountabilities :
Technology Risk Management Framework:
- Review and provide inputs on IT risk management framework to ensure efficiency and effectiveness of the process performance
- Review and provide inputs on technology policies, processes & standards to ensure proper coverage of technology controls and metrics
- Conduct regular reviews and assessments to assess adherence to Group policies and standards for effective implementation within Group Technology (GT)
- Review and provide input on standard technology risk and control library
- Implement the cyber risk assessment model and analysis approaches
- Conduct various assurance initiatives and internal reviews across GT
- Identify and implement control automation initiatives across GT
- Participate in conducting due diligence of cloud service providers and ongoing cloud service providers assessments.
- Assess cloud solutions and determine risk of technology architecture, implementation, and suitability for the organization.
- Review cloud service providers contracts for compliance with Group policies/processes and ensure relevant controls are considered in the contract with cloud service providers.
- Assess the risk implications of digital innovation and its impact on technology risk profile of the bank. Provide recommendations to optimize the risks and ensure technology policy and process alignment.
- Conduct in-depth technical security reviews, risk assessments, and architecture reviews for Cloud based technologies and solutions to ensure alignment with information security policies and technology guidelines.
- Provide inputs to development and maintenance of policies, frameworks, methods and standards for the DevOps and agile practices.
- Ensure risk and security control requirements are considered during the early stages of the development lifecycle
- Review possible bottlenecks of running the application in production and suggest service improvement plans.
Technology Risk Identification & Assessments:
- Work with service teams on various risk and control assessments activities and ensure technology risks are managed as per FAB policies and standards.
- Participate in Project & Change reviews to ensure appropriate treatment of technology risks.
- Execute periodic risk assessment activities to identify vulnerabilities, threats and control effectiveness.
- Assess the severity of each risk by assessing likelihood and impact. Work with stakeholders on the residual risk ratings and potential risk exposure.
Technology Risk Treatment & Review:
- Support development of risk treatment strategies to maintain the bank’s risk posture at the desired level.
- Ensure proper implementation of risk treatment options such as mitigation, transfer, acceptance etc. and help IT teams in mitigation or acceptance of risks/issues.
Technology Risk Monitoring & Reporting:
- Review risk items and define Key Risk Indicators (KRI) to monitor high risk areas.
- Produce periodic risk profile reports and KRI reports to senior management.
Work with technology teams to review Major incidents Reports and identify risk/control measures to prevent incident reoccurrence.
Knowledge, Skills & Experience :
Knowledge & Experience:
- 8 - 10 years of working experience in IT Security, Risk and Governance practices.
- Knowledge and expertise in virtualization and cloud computing environments (different cloud models and types).
- Hands on experience in using various Cloud Security best practices such as Cloud Security Alliance (CSA) guidelines and National Institute of Standards and Technology (NIST) guidelines.
- Demonstrated experience in conducting technical risk assessments for various Cloud platforms.
- Good understanding of process models and industry standards relating to IT Security, Risk and Governance.
- Good understanding of security and risk management in financial institutions.
- Excellent interpersonal skills and good oral and written communication skills.
- Achievement of industry recognized certifications such as CISSP, CRISC, CCSP, CCSK, CISA etc.
- Achievement of AWS and Azure cloud certifications is preferable.