Senior Analyst - Technology Risk Management

Bangalore, India


Company Description

FAB, the UAE's largest bank and one of the world's most secure financial institutions, is dedicated to creating value for its employees, customers, shareholders, and communities. Through innovation, agility, and differentiation, FAB is committed to fostering growth.

FAB GBS India is looking for top talent, and your success is our success. Accelerate your growth as you help us reach our goals and advance your career. Be ready to make your mark at a top company, in an exciting and dynamic industry.

Job Description

Job Purpose:

The candidate will work with the VP, Head of Service Risk, AO & Digital Platforms to ensure GRC operational activities are executed within the agreed timelines and in line with the requirements.

Key Accountabilities:

GRC Operations 

  • Implement GRC activity oversight mechanism across the unit and ensure implementation of proper tracking & reporting systems.  
  • Track and complete GT BIA/BCP related requirements as per the GBCM timelines. 
  • Track, monitor and report GT related periodic UAE regulatory requests & reporting. 
  • Actively work with the team to improve GT Risk Remediation activities and implement proper governance mechanisms. 
  • Ensure timely completion of IT Risk Operations activities.  
  • Manage Data Leakage Prevention (DLP) notifications and implement improvement initiatives to optimize the monitoring policies.
  • Ensure timely remediation of DLP alerts and necessary actions as per the organization policies. 
  • Act as a point of contact for GIA for TechGRC audit activities.  
  • Implement proper tracking mechanism for Operational Risk Incidents to ensure compliance with GORM policies.  
  • Ensure all the GRC systems used by 3 lines of defense are in sync and execute periodic reconciliation activities. 
  • Work with the teams to have definitive plans for GIA issues and other key risk items to ensure timely remediation. 
  • Identify and implement automation initiatives to improve overall GRC operations. 
  • Implement initiatives to improve ways of working with 2nd line & 3rd line functions. 
  • Produce timely and accurate MIS for GRC related activities to be covered as part of regular reporting. 

Technology Risk Management Framework:

  • Review and provide inputs on IT risk management framework to ensure efficiency and effectiveness of the process performance
  • Review and provide inputs on technology policies, processes & standards to ensure proper coverage of technology controls and metrics
  • Conduct regular reviews and assessments to assess adherence to Group policies and standards for effective implementation within Group Technology (GT)
  • Review and provide input on standard technology risk and control library
  • Implement the cyber risk assessment model and analysis approaches
  • Conduct various assurance initiatives and internal reviews across GT
  • Identify and implement control automation initiatives across GT

Cloud Management

  • Participate in conducting due diligence of cloud service providers and ongoing cloud service providers assessments.
  • Assess cloud solutions and determine risk of technology architecture, implementation, and suitability for the organization.
  • Review cloud service providers contracts for compliance with Group policies/processes and ensure relevant controls are considered in the contract with cloud service providers.
  • Assess the risk implications of digital innovation and its impact on technology risk profile of the bank. Provide recommendations to optimize the risks and ensure technology policy and process alignment.
  • Conduct in-depth technical security reviews, risk assessments, and architecture reviews for Cloud based technologies and solutions to ensure alignment with information security policies and technology guidelines.

DevOps/DevSecOps/Agile Practices

  • Provide inputs to development and maintenance of policies, frameworks, methods and standards for the DevOps and agile practices.
  • Ensure risk and security control requirements are considered during the early stages of the development lifecycle
  • Review possible bottlenecks of running the application in production and suggest service improvement plans.

Technology Risk Identification & Assessments:

  • Work with service teams on various risk and control assessments activities and ensure technology risks are managed as per FAB policies and standards.
  • Participate in Project & Change reviews to ensure appropriate treatment of technology risks.
  • Execute periodic risk assessment activities to identify vulnerabilities, threats and control effectiveness.
  • Assess the severity of each risk by assessing likelihood and impact. Work with stakeholders on the residual risk ratings and potential risk exposure.

Technology Risk Treatment & Review:

  • Support development of risk treatment strategies to maintain the bank’s risk posture at the desired level.
  • Ensure proper implementation of risk treatment options such as mitigation, transfer, acceptance etc. and help IT teams in mitigation or acceptance of risks/issues.

Technology Risk Monitoring & Reporting:

  • Review risk items and define Key Risk Indicators (KRI) to monitor high risk areas.
  • Produce periodic risk profile reports and KRI reports to senior management.
  • Work with technology teams to review Major Incident Reports and identify risk/control measures to prevent incident recurrence.

Job Context:

Key Performance Indicators:

  • Timely remediation of DLP alerts and associated actions.
  • Participation in relevant service line specific EA community sessions to address the GRC requirements
  • Completion of Risk and Control Self-Assessments as per the agreed schedule
  • Remediation of Technology GRC risk issues as per the established timelines
  • Adequately monitor and supervise remediation of Technology Service Line risk issues as per the agreed timelines
  • On-time completion of KRI reporting and GORM incident management reporting
  • Completion of regulatory reporting activities as per the timelines
  • Adherence to GRC automation initiatives implementation plans
  • On-time completion of mandatory trainings and meeting certification requirements
  • Ensure external audit and regulatory certifications are completed on time without non-compliance (PCI DSS, KPMG Statutory Audit, Swift CSF and NESA)
  • Coordinate with service lines to gather RFIs and management responses for GIA (Group Internal Audit) on time.

Qualifications

Knowledge & Experience:

  • 8 - 10 years of working experience in IT Security, Risk and Governance practices.
  • Experience with DLP (Data Leakage Prevention) management activities.
  • Knowledge and expertise in virtualization and cloud computing environments (different cloud models and types).
  • Hands on experience in using various Cloud Security best practices such as Cloud Security Alliance (CSA) guidelines and National Institute of Standards and Technology (NIST) guidelines.
  • Demonstrated experience in conducting technical risk assessments for various Cloud platforms.
  • Good understanding of process models and industry standards relating to IT Security, Risk and Governance.
  • Good understanding of security and risk management in financial institutions.
  • Excellent interpersonal skills and good oral and written communication skills.
  • Achievement of industry recognized certifications such as CISSP, CRISC, CCSP, CCSK, CISA etc.
  • Achievement of AWS and Azure cloud certifications is preferable.

Skills:

  • Relationship management
  • Influencing skills
  • Big picture thinker with attention to detail
  • Strong change and communication skills
  • Strong analysis skills
  • Strong interpersonal skills

Tags: Agile Automation AWS Azure CCSK CCSP CISA CISSP Cloud Compliance CRISC DevOps DevSecOps Governance Monitoring NIST PCI DSS Risk assessment Risk management RMF Vulnerabilities

Perks/benefits: Career development Startup environment

Region: Asia/Pacific
Country: India
