Job Details

 

Sr Analyst - Tech Risk, Governance & Compliance

  • 6 - 10 years
  • Bengaluru/Bangalore
Industry :
IT-Software / Software Services
Functional Area :
IT Software - Application Programme, Maintenance
submit your CV

Quote job ref: 215183

Job Description

Key Accountabilities :

Technology Risk Management Framework:

  • Review and provide inputs on IT risk management framework to ensure efficiency and effectiveness of the process performance
  • Review and provide inputs on technology policies, processes & standards to ensure proper coverage of technology controls and metrics
  • Conduct regular reviews and assessments to assess adherence to Group policies and standards for effective implementation within Group Technology (GT)
  • Review and provide input on standard technology risk and control library
  • Implement the cyber risk assessment model and analysis approaches
  • Conduct various assurance initiatives and internal reviews across GT
  • Identify and implement control automation initiatives across GT

Cloud Management

  • Participate in conducting due diligence of cloud service providers and ongoing cloud service providers assessments.
  • Assess cloud solutions and determine risk of technology architecture, implementation, and suitability for the organization.
  • Review cloud service providers contracts for compliance with Group policies/processes and ensure relevant controls are considered in the contract with cloud service providers.
  • Assess the risk implications of digital innovation and its impact on technology risk profile of the bank. Provide recommendations to optimize the risks and ensure technology policy and process alignment.
  • Conduct in-depth technical security reviews, risk assessments, and architecture reviews for Cloud based technologies and solutions to ensure alignment with information security policies and technology guidelines.

DevOps/DevSecOps/Agile Practices

  • Provide inputs to development and maintenance of policies, frameworks, methods and standards for the DevOps and agile practices.
  • Ensure risk and security control requirements are considered during the early stages of the development lifecycle
  • Review possible bottlenecks of running the application in production and suggest service improvement plans.

Technology Risk Identification & Assessments:

  • Work with service teams on various risk and control assessments activities and ensure technology risks are managed as per FAB policies and standards.
  • Participate in Project & Change reviews to ensure appropriate treatment of technology risks.
  • Execute periodic risk assessment activities to identify vulnerabilities, threats and control effectiveness.
  • Assess the severity of each risk by assessing likelihood and impact. Work with stakeholders on the residual risk ratings and potential risk exposure.

Technology Risk Treatment & Review:

  • Support development of risk treatment strategies to maintain the bank’s risk posture at the desired level.
  • Ensure proper implementation of risk treatment options such as mitigation, transfer, acceptance etc. and help IT teams in mitigation or acceptance of risks/issues.

Technology Risk Monitoring & Reporting:

  • Review risk items and define Key Risk Indicators (KRI) to monitor high risk areas.
  • Produce periodic risk profile reports and KRI reports to senior management.

Work with technology teams to review Major incidents Reports and identify risk/control measures to prevent incident reoccurrence.

Qualifications

Knowledge, Skills & Experience :

Knowledge & Experience:

  • 8 - 10 years of working experience in IT Security, Risk and Governance practices.
  • Knowledge and expertise in virtualization and cloud computing environments (different cloud models and types).
  • Hands on experience in using various Cloud Security best practices such as Cloud Security Alliance (CSA) guidelines and National Institute of Standards and Technology (NIST) guidelines.
  • Demonstrated experience in conducting technical risk assessments for various Cloud platforms.
  • Good understanding of process models and industry standards relating to IT Security, Risk and Governance.
  • Good understanding of security and risk management in financial institutions.
  • Excellent interpersonal skills and good oral and written communication skills.
  • Achievement of industry recognized certifications such as CISSP, CRISC, CCSP, CCSK, CISA etc.
  • Achievement of AWS and Azure cloud certifications is preferable.
Key Skills
IT Risk
Governance. compliance
cloud security
Education
  • B.Tech/B.E.
submit your CV