Detailed Job Description


Overall Responsibilities


Effectively manage technology risk for Business & Digital Technology Solutions Group (BDTS). Coordinate with the internal team on mitigation of IT-related business risk, including implementation of strong controls. The individual is expected to be able to communicate effectively with senior management, audit and risk managers, both verbally and in writing, in a variety of situations including one-to-one, committee meetings, and formal presentations.



·        Supporting the development of the Technology Risk (Information System Risk, Operational Errors due to Technology, Root Cause Analysis, IT Security Risk, Third Party Information System Risk, Technology Vendor Risk, Impact Analysis for Risks at granular level for Technology Incidents and Problems, etc) framework, applications, databases, products and services, effectiveness of processes, procedures and frameworks;

·        Taking ownership of delivery of key reports;

·        Enhancing specific aspects of the IT risk framework as required; and

·        Providing advice and guidance to the Technology stakeholders on risk and control matters

Key Areas of responsibilities



·          Technology Risk Management

  • Liaising with Operational Risk team on Risk and Control Self-Assessment (RCSA), Key Risk Indicators (KRI), Key Performance Indicators (KPI), operational errors/incidents, risk acceptances and operational risk events on behalf of BDTS for tracking, appropriate action and closure
  • Coordinate with various functions within BDTS and other departments to collate and check all RBI data required as part of risk-based supervision
  • Liaising with Technology teams for Information System Risk, Operational Errors due to Technology, Root Cause Analysis, IT Security Risk, Impact Analysis for Risks at granular level for Technology Incidents and Problems, etc.
  • Liaising with Technology Vendors for Third Party Information System Risk, Technology Vendor Risk
  • Review and draft all technology-related policies, coordinate with various functions within BDTS and assist them in drafting various processes.
  • Working with Technology stakeholders (including Production Support and Development teams) to identify the top technology IT risks impacting the Bank and formulating appropriate remediation strategies based on full understanding of business exposure and compensating controls.
  • Executing IT risk assessment reviews, identifying control gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans.
  • Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate.
  • Providing support and challenge on aspects such as the Risk and Control Self-Assessment (RCSA) and formulation of controls;
  • Providing independent expert advice to the IT areas on operational risk issues
  • Engaging with risk and control groups, including internal audit and control teams
  • Initiate processes for automation of Risk Reporting and Risk Capturing
  • Maintain and Update Technology Risk database with appropriate status
  • Review of gains, losses, near misses and opportunity costs where IT is root cause. Ensuring information documented is of sufficient standard and includes relevant action plans before submission and approval in group operational risk system.



Essential Skills/Experience/Qualification


·          A bachelor’s degree with minimum 4-5 years’ experience in technology/information risk management and governance or associated control function (e.g. Op Risk/Audit/SOX/Technology Risk Management) preferably in financial services institutions.

·          Subject matter expert on Technology and Information Risk management. Strong understanding of industry-wide best practices, policies & procedures, and techniques in the area of risk management

·          Solid understanding of internal risk and control concepts (e.g. Risk and Control Self-Assessment and Key Risk Indicators) and analytical skills to identify weaknesses and root causes and provide effective and efficient recommendations to address issues

·          Understanding and/or qualification in IT Risk and Governance frameworks and standards (e.g. COBIT, ITIL, ISO etc.).

·          Sound presentation skills including the ability to communicate risk posture and audit findings clearly and concisely. Ability to draft high quality written products that are comprehensive, accurate, and tailored to the audience.

·          Proficiency in MS Office and related applications (Word, Excel, PowerPoint, Visio and SharePoint).

·          Self-starter with ability to manage workload and tasks independently.

·          Strong written and oral communication skills and the ability to interact with senior management.

·          Project management skills to monitor and track projects effectively

·          Ability to work effectively under pressure, tight schedules and flexible hours

·          Excellent judgment and proven decision-making skills

·          Ability to be both an effective listener and influencer is a plus

·          Good understanding of IT and its operational setup in banking is a plus

·          Preferred background is Risk Management Assessment / Audit / Control Self-Assessment / Information Security experience



Qualifications:

·          A professional qualification such as CRISC/CISM/CISA/CISSP certification is desired

·          Knowledge of regulatory compliance e.g. SOX, BASEL3

·          Knowledge of Process & Quality management

