Job Description:
The GRC analyst plays an integral part in the development, implementation, and compliance of information risk management across the enterprise. The analyst is responsible for managing risks related to the use of Information Technology, Information Security, Privacy, Regulatory Compliance and Governance.
Responsibilities:
- The person is responsible for managing risks related to the use of Information Technology, Information Security, Privacy, Regulatory Compliance and Governance.
- Serve as a subject matter expert to ensure and monitor compliance with Regulatory Requirements.
- Work closely with Information security teams to conduct gap analysis and implement Frameworks/Standards like ISO 27001, Privacy, GDPR, PDPB etc.
- Develop and revise Policies, Standards, Processes and Guidelines periodically.
- Assess design effectiveness and continually monitor operating effectiveness of controls.
- Track and monitor Risk Treatment plans.
- Understand the trade-offs required to manage different levels of risk tolerance and risk exposure across the organization and be able to communicate to responsible team members
- Advise business-led technology projects on IT risk awareness and standards compliance
Experience:
A minimum of 10-15 years of experience analyzing and applying Information Security, Risk Management and Privacy practices or policies, including the following:
- Experience working with GRC tools such as ServiceNow, Archer or MetricStream
- Risk Analytics experience within finance and/or IT Threat, Vulnerability, Business Continuity, and Risk Assessment
- National and International Regulatory Compliances and Frameworks such as NIST Cyber Security Framework, ISO, PCI DSS, GDPR etc.
- CEH, ECIH, CRISC, CISA or CISSP Certifications preferred
- In depth knowledge of IT Security Management risk practices
Soft skills requirements:
- Ability to define and communicate risk in business-relevant language
- Excellent verbal and written communication skills
- Ability to react to high-pressure, dynamic, changing environments
- Ability to communicate IT risk concepts to non-technical people
- Strong problem solving and analytical skills
Qualification:
- BE (any stream)
- Certifications such as ISO 27001 LA, ISO 27001 LI or CISA will be an added advantage
- Should be aware of IT infrastructure, server and other device management, and the related risks
- Understanding of regulatory requirements such as RBI advisories, GDPR, PDPB etc.
Note: we are looking to hire candidates willing to join us immediately or on one month's notice.
Job description:
Governance, Risk and Compliance: To support the Governance, Risk and Compliance function for the Technology (BDTS) function.
Regulatory advisories, alerts, questionnaire, circulars, communiques, releases, publications etc.
- Knowledge of the various regulatory advisories, alerts, questionnaires, circulars, communiques, releases, publications etc. from RBI, CSITE, NPCI, BSE, NSE, SEBI, CDSL, NSDL, NCIIPC, FIMMDA, MHA and others.
- Reviewing and understanding the above for their applicability to the Technology department (BDTS) and assigning them to internal stakeholders for compliance.
- Maintaining an MIS of every such communication received from the bank's Compliance Department.
- Following up with internal stakeholders and gathering artefacts/evidence to corroborate the regulatory ask in the said advisories, alerts, questionnaires, circulars, communiques, releases, publications etc.
- Managing compliance and storing artefacts/evidence for easy reference over the period.
- Ensuring our department's (BDTS) submissions in response to advisories, alerts, questionnaires, circulars, communiques, releases, publications etc. are within timelines, without exception.
Monitoring of and Compliance with Observations/Actionables under IT Examination, RBS RAR, RBI CSITE, Regulatory Communications and Audits
- Ongoing tracking of open observations or actionables arising out of IT Examination, RBS RAR, RBI CSITE, Regulatory Communications and Audits.
- Maintaining an MIS of every such communication received from the bank's Compliance Department and updating it on SharePoint.
- Following up with internal stakeholders and gathering artefacts/evidence for those due for closure, and submitting them to Compliance before the timelines, without exception.
- Managing compliance and storing artefacts/evidence for easy reference over the period.
- Gathering recent updates on the progress of the said actionables from internal stakeholders and documenting them properly on SharePoint.
- Monthly updates to Compliance on status of all open observations before timelines.
Management Updates – IT Strategy Committee, IT Steering Committee and Board Meeting
- Summarization and preparation of BDTS Risk, Governance and Compliance dashboards, which are the outcome of the tasks detailed above.
- Required for the monthly IT Steering Committee and the quarterly IT Strategy Committee and Board Meeting.
- Management and documentation of the above agendas and meetings for easy reference over the period or as required by regulators.
Qualification:
- BE (any stream)
- Certifications such as ISO 27001 LA, ISO 27001 LI or CISA will be an added advantage
- Should be aware of IT infrastructure, server and other device management, and the related risks
Note: we are looking to hire candidates willing to join us immediately or on one month's notice.
Overall Brief Description:
Overall, a candidate must have experience in GRC (Governance, Risk & Control function) managing the risk posture of IT. IT deals with internal stakeholders such as Business, Compliance and 2nd Line of Defense control functions (the Operational Risk Management unit, Internal Audit and Information Security). In addition, IT deals with external stakeholders such as OEMs, vendors, and various regulatory and compliance bodies to ensure that processes, Information Security guidelines and regulatory guidelines are complied with at any given point in time, with the objective of protecting information assets from various internal/external threats.
Job Description:
The GRC Officer, as an integral part of BDTS (IT) and the first line of defense, is responsible for ensuring active participation in various risk reviews, risk assessments and remediation jointly with IT (BDTS). The role requires overall knowledge of Risk Management, managing IT risk in the context of Operational Risk Management (such as RCSA reviews, ORE (Operational Risk Events), VRR (Vendor Risk Reviews) and Tier Classification of the Bank's estate), and an understanding of the overall ORM (Operational Risk Management) policies from a governance and compliance perspective.
Responsibility /Purpose for the Position:
The GRC Officer shall be responsible for supporting Bank’s IT Control environment by ensuring that –
- Policies, Processes (SOPs) and Procedures are reviewed to ensure they are well defined and updated as per the review cycle, in line with the Bank's various Operational Risk Management Policies.
- Risks are identified and managed end-to-end, i.e. from identification to tracking/monitoring until the risk is remediated (control assurance/testing).
- Risk SME – To front-end with the Operational Risk Management unit and BDTS (IT) in the various risk reviews (RCSAs) initiated by the ORM (Operational Risk Management) unit. Effective engagement with IT SMEs/control owners in the various application/infrastructure walkthroughs and the data-gathering phase, reviewing the initial observations published by the ORM unit. Analysis of risk materialization, along with risk assessment for severity, against each observation issued by the ORM unit, and drafting a response to it.
- Review the Risk Library created and managed by the ORM unit as a precursor activity, to analyze and use it for continuous improvement and optimization.
- Review ORE (Operational Risk Reviews) identified by the ORM unit for BDTS (IT). Monitor/track until all identified actions are completed well before the due date.
- Periodic meetings with the Problem Management team for RCA reviews and updates.
- Periodic review of the Tier Classification of applications/infrastructure along with the BDTS (IT) SME, the ORM unit/BCM team, and the DR Management unit.
- Publish a dashboard to BDTS (IT) stakeholders with the recent updates captured in the GRC tracker, and hold periodic discussion meetings with stakeholders as part of overall governance to ensure proper tracking of all open issues until closure, well before the due date.
- KRI Submissions – Monthly KRI submission to ORM. Effort is to be put into internal coordination with IT (BDTS) to seek inputs against each KRI, review them and submit.
Minimum Skillset:
- Basic knowledge and understanding of the latest technology and cloud platforms on the infrastructure side
- Basic knowledge and understanding of application design/architecture, support etc.
- Good Analytical skill
- Basic knowledge and understanding of the GRC function / Risk Management concepts.
- Good verbal/written communication, with an ability to communicate with stakeholders in risk language.
- Willing to take on new challenges as and when ad-hoc projects/engagements are given.
- Ability to work in a dynamic, high-pressure environment is desired.
- Moderately proficient in MS-Office.
Qualification:
- BE (any stream)
- Certifications such as ISO 27001 LA, ISO 27001 LI or CISA will be an added advantage
- Should be aware of IT infrastructure, server and other device management, and the related risks
Note: we are looking to hire candidates willing to join us immediately or on one month's notice.