Job Title:  Senior Consultant | ServiceNow | Mumbai | ServiceNow

Job requisition ID:  87828
Date:  Sep 17, 2025
Location:  Mumbai
Designation:  Senior Consultant
Entity:  Deloitte Touche Tohmatsu India LLP

Job Description: Senior Consultant – Information Risk Management (IRM) - Financial Services

Key Responsibilities

1. Risk Identification & Assessment

Conduct risk assessments across financial systems, including core banking, trading platforms, and payment gateways.

Identify vulnerabilities and threats specific to financial data, transactions, and customer information.

2. Regulatory Compliance & Advisory

Ensure compliance with financial regulations such as RBI guidelines, SEBI norms, PCI-DSS, and global standards like Basel III, GDPR, and SOX.

Advise clients on regulatory changes and their impact on information risk posture.

3. Policy & Framework Development

Develop and implement IRM frameworks aligned with financial industry standards.

Create policies for data protection, fraud prevention, and secure transaction processing.

4. Client Consulting & Stakeholder Engagement

Serve as a strategic advisor to banks, NBFCs, and financial institutions on IRM initiatives.

Lead client meetings, workshops, and executive briefings to communicate risk insights and solutions.

5. Security Controls & Governance

Design and evaluate controls for high-risk areas such as online banking, mobile payments, and financial APIs.

Support governance programs including third-party risk management and insider threat mitigation.

6. Technology & Tools Expertise

Utilize GRC platforms (e.g., RSA Archer, ServiceNow GRC) and financial risk tools.

Leverage data analytics and automation to monitor risk indicators and generate actionable insights.

7. Incident Response & Crisis Management

Lead investigations into security incidents involving financial data breaches or fraud.

Develop and test incident response plans tailored to financial operations.

8. Project Leadership

Manage IRM projects such as risk remediation, control implementation, and audit support.

Coordinate with IT, compliance, and business units to ensure project alignment and success.

9. Training & Awareness

Conduct training for financial staff on secure practices, phishing awareness, and regulatory compliance.

Promote a culture of risk awareness across financial operations.

10. Reporting & Documentation

Prepare risk dashboards, audit reports, and compliance summaries for senior management and regulators.

Maintain documentation for risk assessments, control testing, and remediation activities.

Required Qualifications

Bachelor’s degree in Information Security, Computer Science, Finance, or related field.

Master’s degree or MBA (preferred), especially with a focus on Risk Management or Financial Services.

Professional certifications such as:

CISA (Certified Information Systems Auditor)

CISM (Certified Information Security Manager)

CRISC (Certified in Risk and Information Systems Control)

CISSP (Certified Information Systems Security Professional)

ISO 27001 Lead Implementer/Auditor

5–8 years of experience in Information Risk Management, preferably within the financial sector.

Experience working with financial institutions, banks, NBFCs, or fintech companies.

Required Skills

Domain Expertise: Strong understanding of financial services operations, products, and regulatory landscape.

Risk & Compliance Knowledge: Familiarity with RBI, SEBI, PCI-DSS, GDPR, SOX, and Basel III requirements.

Technical Proficiency: Hands-on experience with GRC tools (e.g., RSA Archer, ServiceNow GRC), risk analytics, and cybersecurity controls.

Analytical Thinking: Ability to assess complex risk scenarios and propose actionable solutions.

Communication Skills: Excellent written and verbal communication for client interactions, reporting, and training.

Project Management: Capable of leading cross-functional teams and managing multiple IRM projects simultaneously.

Problem Solving: Strong troubleshooting and incident response capabilities.

Stakeholder Management: Experience engaging with senior leadership, regulators, and audit teams.