Cyber Security – GRC ORM Engagement
Overall Brief Description:
Overall, a candidate must have experience in GRC (Governance, Risk & Control function), managing the risk posture of IT. IT deals with internal stakeholders such as Business, Compliance and 2nd Line of Defense control functions such as the Operational Risk Management unit, Internal Audit and Information Security. In addition, IT deals with external stakeholders such as OEMs, vendors and various regulatory and compliance bodies, to ensure that processes, Information Security guidelines and regulatory guidelines are complied with at any given point in time, with the objective of protecting information assets from internal and external threats.
The GRC Officer, as an integral part of BDTS (IT) and the first line of defense, is responsible for ensuring active participation in various risk reviews, risk assessments and remediation jointly with IT (BDTS). The role requires overall knowledge of managing IT risk in the context of Operational Risk Management, such as RCSA reviews, OREs (Operational Risk Events), VRRs (Vendor Risk Reviews) and tier classification of the Bank’s estate, together with an understanding of overall ORM (Operational Risk Management) policies from a governance and compliance perspective.
Responsibility / Purpose of the Position:
The GRC Officer shall be responsible for supporting the Bank’s IT control environment by ensuring that:
- Policies, processes (SOPs) and procedures are reviewed to ensure they are well defined and updated as per the review cycle, in line with the Bank’s various Operational Risk Management policies.
- Risks are identified and managed end-to-end, i.e. from identification through tracking/monitoring until the risk is remediated (control assurance/testing).
- Risk SME – act as the front end between the Operational Risk Management unit and BDTS (IT) in the various risk reviews (RCSAs) initiated by the ORM (Operational Risk Management) unit. Engage effectively with IT SMEs / control owners during application/infrastructure walkthroughs and the data-gathering phase, and review the initial observations published by the ORM unit. Analyse risk materialization, assess the severity identified against each observation issued by the ORM unit, and draft a response to each.
- Review the risk library created and managed by the ORM unit as a precursor activity, and analyse and use it for continuous improvement and optimization.
- Review OREs (Operational Risk Reviews) identified by the ORM unit for BDTS (IT), and monitor/track them until all identified actions are completed well before the due date.
- Hold periodic meetings with the Problem Management team for RCA reviews and updates.
- Periodically review the tier classification of applications/infrastructure together with BDTS (IT) SMEs, the ORM unit / BCM team, and the DR Management unit.
- Publish a dashboard to BDTS (IT) stakeholders with the latest updates captured in the GRC tracker, and hold periodic discussion meetings with stakeholders as part of overall governance to ensure proper tracking of all open issues until closure well before the due date.
- KRI Submissions – submit KRIs monthly to ORM, coordinating internally with IT (BDTS) to seek inputs against each KRI, reviewing them and submitting.
Skills and Qualifications:
- Basic knowledge and understanding of the latest technology and cloud platforms on the infrastructure side.
- Basic knowledge and understanding of application design/architecture, support, etc.
- Good analytical skills.
- Basic knowledge and understanding of the GRC function / risk management concepts.
- Good verbal/written communication, with an ability to communicate with stakeholders in risk language.
- Willing to take on new challenges as and when ad-hoc projects/engagements are given.
- Ability to work in a dynamic, high-pressure environment is desired.
- Moderately proficient in MS Office.
- BE (any stream).
- Certificates such as ISO 27001 LA, ISO 27001 LI or CISA will be an added advantage.
- Should be aware of IT infrastructure, server and other device management skills and the related risks.
Note: we are looking to hire candidates willing to join immediately or on one month’s notice.