IT Risk Manager/Sr Manager

15 - 18 years

25 - 35 Lacs

Posted: 1 day ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

IT GRC

Responsibilities:

The incumbent is responsible for the following:

A) IT Governance: Experience in

• Utilizing processes, frameworks, and decision-making mechanisms to direct and control the use of IT within an organization.

• Establishment of Policies, Procedures, and Controls: Setting clear guidelines for IT-related activities and decisions, ensuring consistency and adherence to best practices and legal requirements.

• Effective Communication and Collaboration: Facilitating strong communication and collaboration across various departments, teams, and organizational stakeholders.

• Stakeholder Engagement: Fostering involvement, engagement, and informed participation from relevant stakeholders in IT decision-making processes.

• Accountability and Defined Roles: Ensuring clarity regarding who is responsible for specific IT decisions, actions, and outcomes.

• Comprehensive Risk Management: Incorporating practices such as regular risk assessments, mitigation strategies, and ongoing monitoring to manage IT risks.

• Optimization of IT Resource Utilization: Ensuring efficient use of IT resources to maximize the organization's benefits.

• Mitigation of IT Adoption Risks: Addressing potential risks associated with technology adoption, including security, compliance, operational, and financial risks.

B) IT Risk Management: Experience in

• GRC delivery engagements and executing advisory & consulting projects around Risk & Compliance such as SOX ITGC, HIPAA, GDPR-EU/Data Privacy (DPO).

• Executing IT security assessments and risk assessments pertaining to clients' IT environments.

• Executing technical risk assessments around applications, and control testing for on-premise and Cloud environments, etc.

• Executing activities like data discovery, privacy & security impact analysis and propose process and technical solutions.

• Documenting policies & procedures meeting the regulatory compliance and risk management requirements.

• Developing knowledge base, re-usable components for GRC advisory services

• Development and enhancements of GRC services, team and delivery capabilities.

• Identification of threats and risk exposures

• Monitoring of the implementation of corresponding mitigating controls

• Use of various GRC tools (e.g., Riskonnect, ServiceNow, MetricStream)

C) IT Compliance Programs & Quality Management:

• Design, implement, manage and improve quality and compliance programs across the organization.

• Manage compliance and improve business processes and operations by supporting a program of internal audits and external assessments against adopted standards (e.g., COBIT, ISO20000, ISO27000, ISO22301, ITSM etc.)

• Perform and/or manage internal reviews of Projects and Services against the industry standards adopted by the organization.

• Document and perform quality and compliance review and testing procedures.

• Business Processes and Controls:

  o Support the design, implementation, monitoring and continuous improvement of sound business processes across the organization.

  o Conduct reviews and monitor compliance with approved business processes and control frameworks.

  o Using the Continuous Improvement Process, identify processes requiring improvement, coordinate prioritization and implementation of these improvements using appropriate tools and techniques.

• Co-ordinate activities for fulfilling requirements of internal and external audits or assessments.

• Prepare relevant reports for the Senior Management

Experience and Skills required:

Essential:

• 15-18 years overall of relevant experience in implementing, managing, reviewing and improving internal controls for governance, compliance and quality, IT audits, or assurance and risk management programs in a Global Shared Services/Captive unit environment.

• IT risk management experience is a must.

• Demonstrated ability to work with and report to a governance board (i.e., Audit /Risk committee or similar)

• Highly proficient in IT Risk, compliance and audit methodologies, especially but not limited to those applicable in IT environments.

• Experience in business process and control optimization, preferably within an IT organization

• Proficient in IT governance and quality standards

• Experience writing high quality documentation and reports.

• Excellent comprehension of internal controls requirements and implications.

• Demonstrated ability to work in multicultural and diverse environments.

Desirable:

• Good knowledge of IT Application & Infrastructure operations.

• Knowledge of regulatory compliances such as SOX, PCI etc.

• Good knowledge of Risk Management and Control Auditing principles

• Knowledge of Data Privacy Requirements and Cyber Laws.

• Knowledge of IT Security, physical and environmental security and HR security controls.

Education:

Essential:

• Bachelor's/Master's degree, or equivalent, in Business Management, Information Technology Management or related field

• Good understanding of various IS standards and frameworks such as ISO27001, PCIDSS, HIPAA, NIST, SOC/SSAE16 Standards & ISO27005, ISO 22301 Guidelines

• Certified in risk management (ISO31000, ISO27005), CISA/CISM, BCMS/BCP-DR

Voya India

Financial Services

Gurgaon