IS Risk Manager

Job Description

• Infosec risk mgmt.
• & application security 1) Execute the process of compliance to application security standard for scoped in enterprise business applications as per defined periodicity.
• 2) Assist and execute PMO activities publish calendar, engage with stakeholders for tech and procedural controls, ensure timely responses with evidence & validate the same, prepare necessary tracker and management d/board, escalation mechanism, refine the associated KRI & threshold/ranges and convene stakeholder meetings as required.
• 3) Assist with review process of compliance to application security standard for scoped inhouse applications (approx.
• 100) and carry out related PMO activities.
• 4) Evaluate Changes (Q-R type ) from risk assessment perspective and provide advisory 5) Process documentation Third Party IS Risk mgmt, governance & merchant Pci Dss compliance a) Develop and periodic review of information security policies, processes, standards and guidelines.
• Oversee the approval and publication of these documents.
• b) To develop metrics and tracking mechanisms for performance monitoring based on maturity assessment reports.
• c) To facilitate comprehensive analysis of the performance posture of ISG function and conduct periodic internal reviews or audits to ensure that compliance procedures are followed d) Assist in responding to internal and external queries for information to meet RBI and other regulatory compliance requirements e) Assist and execute third party risk management program publish calendar for third party assessment, conduct assessment, release assessment report, engage with stakeholders for risk remediation, tech and procedural controls, ensure timely responses with evidence & validate the same, prepare necessary tracker and management d/board, escalation mechanism, refine the associated KRI & threshold/ranges and convene stakeholder meetings as required.
• f) Coordinate & support relevant stakeholders in the channel fraud incident response and related aspects of compliance, policy and rule mgmt.
• of risk engine.
• g) Manage the merchant PCI DSS compliance desk and defined deliverables, track and report on deliverables.
• h) Facilitate providing regulatory advisory to banks merchant services team i) Maintain a dashboard to track status of all strategic and tactical security project throughout their lifecycle and escalate the issues to top management, when necessary.
• j) Assist in formulating InfoSec skill development & training strategy.
• k) Maintaining and timely submission of Senior Management Dashboards.
• l) Assist in preparing and managing security budget.
• m) Developing enterprise security effectiveness criteria covering IT security tools on end points, servers, network.
• BCM and Compliance mgmt.
• As a BCM : Develop and maintain a corporate wide business continuity program / framework that cover disaster recovery, business recovery and emergency response management.
• Develop, produce and update BCP/DR materials and documentation (e.
• g.
• , plans, emergency response procedures, call lists, test results, etc.
• ).
• Work closely with IT to develop/maintain DR plans for critical systems and applications and to ensure that internal recovery sites are updated and functioning properly.
• Liaise with Business Continuity Coordinators within the business to develop effective working relationships and BCPs.
• Develop, maintain and track the DR and BCP test calendar by business functions.
• Assist in with crisis management in the event of a business interruption.
• Be a single point of contact for the management for BCP related activities.
• Analyze and report on implications of regulatory requirements and industry guidance on BCP/DR programs.
• Maintain contact with outside continuity planning professional organizations and local/regional emergency response groups to adopt best practices in the industry As a Compliance Manager be responsible for Internal and External Audits including regulatory assessments.
• This covers understanding audit scope and requirements, identifying data / evidence owners, obtaining evidences from evidences owners, submitting evidences to auditors discussions with auditors for providing clarifications, additional evidences as per audit requirements understanding audit observations, obtaining management response from Unit / Function Heads and timely submission of the same to auditors for compliance, closure of observations / audit reports.
• Create awareness among IT teams for better compliance to IT and Information Security policies and processes for achieving and enhancing compliance level Responsible for submission of following regulatory reports: Quarterly RBI Return on DR, BCP and VAPT status Following IT Notes submissions for IT Strategy Committee and Board meetings i.
• Technology Architecture Review and ii.
• Review of major initiatives and preparedness in IT The above includes collection of required data from various IT teams, validating and drafting of the notes, conducting review with FHs, Vertical Heads and the CIO for finalization and timely submission Responsible for submission of RBI-RBS submissions pertaining to the Core IT Systems, Downtime and Data Patches.
Skills
• 1. Good written and spoken communication skills.
• Good analytical and problem solving skills
• Dedication to work & goal defined which is in line with department & organization goals and complete the task & goals defined as per timeline.
• Independent
• Communicate effectively the risks highlighted which can be actioned at appropriate levels.
• a) 2. Advanced understanding of Global IT security standards, PCI Standards and relevant legal compliance aspects
• b) Demonstrated knowledge of information security, software, applications, mobility, web technologies and IT infrastructure
• c) Broad knowledge of many functional business areas
• d) Understanding of regulatory reporting functions and processes
• e) Strong ability to self-direct work and area of focus, and to establish appropriate timelines and execution.
• f) Excellent written and verbal communication skills
• g) Ability to present technical information to non-technical persons
• h) Relationship management skills and ability to interface confidently with colleagues at all levels
• i) Ability to be adaptable and flexible in responding to deadlines and workflow fluctuations
• 3. Minimum 9 years of experience in managing or conducting Information Security / IT audits
• Minimum 9 years of experience in IT and Information Security compliance management
• Working knowledge on IT Operations management and Information Security best practices management
• Preferably should have worked in a Banking / Regulatory environment
,

Keyskills :
it auditit operations managementpci dss