Job Title:  Deputy Manager | Risk Assessment and Management | Pune | Cyber Strategy & Transformation

Job requisition ID:  100970
Date:  Apr 1, 2026
Location:  Pune
Designation:  Deputy Manager
Entity:  Deloitte Touche Tohmatsu India LLP

Risk & Controls Review and Testing

 

This role conducts independent, comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology and information security (IT/IS) system to determine the overall effectiveness of the IT, Cyber, AI and Cloud controls. The role includes, but is not limited to:

 

Responsibilities include:  


Support the client CISO and CIO function in developing an IT/IS control library for Access Management, Cloud Security, Data and Records, Security and Monitoring, Data Privacy, Vulnerability Management, etc.


Design and execute controls testing strategies to evaluate the design adequacy and operating effectiveness of controls.

 

Testing Approach Review and Process Documentation 

 

Develop methods to monitor and measure risk, compliance, and assurance efforts.

 

Create test plans, test scripts, etc. to support the delivery of controls assurance objectives.

 

Prepare detailed testing documentation, workpapers and reports to highlight findings and recommendations.

 

Collaborate with various departments for control walkthroughs, sampling, evidence collection etc.

 

Maintain up-to-date knowledge of industry standards and best practices related to controls testing.

 

Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. 

 

Review the existing risk control testing approach and methodology used by the client to identify areas for improvement based on IT risk & control frameworks and industry good practices.

 

Develop templates to facilitate control testing and the documentation and reporting of control testing outputs, in line with the refined control testing approach and methodology.

 

Liaise with designated stakeholders to identify the prioritized set of controls and document repeatable test scripts for testing design effectiveness (“DE”) and operational effectiveness (“OE”) of prioritized IT and IS controls.


Review policies, procedures and key operating documents and assist in rationalizing the controls for review to identify potential treatment for control definitions; where controls remain, these will flow into the control design adequacy assessment process to uplift the IT/IS control definition documentation.


Perform Control Design Adequacy Assessment to identify controls that require remediation work as well as those that comply with industry good practices (such as COBIT/NIST).


 

Qualifications 

 

Bachelor’s degree (or equivalent experience) with a minimum of 7-9 years of experience in IT/IS risk and control testing, risk and compliance, preferably with global banking clients.

 

- ISO 27001, CRISC or CISA certification mandatory; CISSP certification desirable

 

- Information Systems/Network Security 

 

- Understanding of NIST, ISO, COBIT or equivalent cyber security framework.

 

- Information Technology Assessment and Risk Management 


Knowledge of internal control concepts (e.g., Preventive Controls, Detective Controls, Anti-Fraud Controls, etc.)


Strong understanding of regulatory requirements and industry best practices related to controls assurance, relevant to global banking risks, such as Information Technology (IT), Information Security (IS), and/or Data Management.


Experience operating in a regulated environment and managing stakeholders across the Three Lines of Defense.