Information Security Quality Assurance Lead Analyst

Job Description

The Assessment & Assurance department sits within the Cybersecurity & Technology Controls (CTC) Governance & Controls group and owns the Risk Assessment & Measurement product.As an independent function within Assessment & Assurance, the Quality Assurance ( QA ) Team is responsible for:

• Defining a technology quality management program that defines, measures and monitors quality and supports continuous improvement in line with firmwide requirements.
• Developing and conducting a continuous quality testing program against internal and regulatory requirements to ensure quality, completeness and accuracy of technology assessments delivered, including pre-closure review of significant issues and findings.
• Specifically on the centralized assessment execution model that strives to optimize control testing processes and drive efficiencies, the QA Team is integral to ensuring that the centralized assessments meet the quality requirements from internal and regulatory requirements aspects.

This position is part of the global QA Team and will be based in either Bengaluru or Hyderabad, India.Primary Responsibilities

• Lead and perform independent QA review activities to validate quality, completeness and accuracy of technology assessments delivered, including pre-closure review of significant issues and findings stemming from these assessments
• Lead analysis on QA review findings performed to discern trends and focus areas for appropriate management
• Develop components of the technology quality management program that includes (but not limited to) framework, methodology, policy, standard, guidelines, and QA testing runbooks
• Actively cross-train in application of QA methodology and practices across technology assessments
• Actively develop methods for team effectiveness; questions and investigates the reliability and integrity of data, the validity of conclusions, and the appropriateness of assumptions made
• Work with appropriate stakeholders (e.g. assessment leads and Information Security Managers (ISMs)) to identify meaningful improvement and operational excellence opportunities related to assessment quality, assessment process and the QA program.
• Effectively communicate findings and reasonable practices to, and build and maintain meaningful collaborations with, appropriate stakeholders
• Effectively supports the teams collective mission and objectives through personal accountability over work tasks and business results
• Actively support continuous internal education practices with peers and colleagues in subject matter areas related to information security, quality assurance, and technology risk management.
• Participate in additional key risk and control projects related to the enhancement of technology risk assessment and measurement programs

Qualifications:

• At least 10 years experience in information security/ technology risk management/ assurance services/ quality assurance/ risk & control assessments, with a good amount of exposure in designing and evaluating technology processes, risks and controls (including at least 3 years experience in executing risk & control assessments and testing)
• Possesses good amount of hands-on experience in technology risk & control testing/ audit, with an inclination towards regulatory requirements and operational risk management frameworks
• Good understanding of technology risks
• Understands quality management fundamentals (including exposure at identifying, developing and negotiating quality requirements, procedures and measurements)
• Adept at task prioritization and ensuring deadlines are consistently met in a high-pressure, multi-stakeholder environment whilst maintaining high quality work
• Proficient at investigating issues to determine root causes and implications, associated threats and also collaborate with internal stakeholders tin managing technology risk and evaluating controls
• Proficient at identifying internal stakeholder needs and requirements, and balancing the voice of the customer (VOC) with firmwide risk and control requirements whilst maintaining functional independence
• Strong communication skills, both verbal and written, and has the ability to negotiate a challenging situation with ease and proficiency
• Proficient with Microsoft Office product suite, including Project and Visio
• Proven track record of teamwork, collaborating with stakeholders/ customers and driving initiatives
• Proactive attitude that contributes towards adhering to the firm s policies, standards and control requirements
• Knowledge of and also experience with working with key regulations and technology best practices applicable to the financial sector, e.g. Sarbanes-Oxley, Payment Card Industry Data Security Standard, etc.
• Has attained at least 1 relevant professional certification, e.g. CISA/ CRISC/ CRMA/ Six Sigma/ Lean Kanban/ PMI-RMP
• Preferred qualifications and experiences but not mandatory:
• Familiarity with the firms technology risk, control and/or compliance assessments and processes
• Experience with building a new team and driving new initiatives with respect to technology risk/ control identification, assessment, treatment, and monitoring
• Familiarity with JIRA and Agile personas.

,

Keyskills :
qualityassurancetestcasesautomationcomplianceqatestingdatasecurityriskmanagementriskassessmentramewvoiceofthecustomeritemresponsetheoperationalriskmanagementcontroltesting