Team Leader - IRM-SUPPORT SERVICES-Information Risk Management Team

Mumbai, Maharashtra, India

Kotak Mahindra Bank

Kotak Mahindra Bank, India’s trusted bank offers personal & business banking services - accounts, deposits, loans, cards, insurance, investments & more.


Job Description – Thematic Assessments & Enterprise Risk Management

 

Responsibilities

  • Conduct thematic risk assessments in key identified areas of improvement, per internal or external audit observations, and determine effectiveness of Bank defences through interaction, interviews and on-ground assessment of operational effectiveness of IT and cybersecurity solutions.
  • Work with industry partners to identify emerging areas of cybersecurity risk and devise a framework to assess risk to the Bank in these identified areas.
  • Liaise with IT and business stakeholders to conduct assessments and close observations.
  • Conduct comprehensive risk assessments to identify and mitigate information security risks at the enterprise level.
  • Propose and steer implementation of controls, key performance indicators (KPIs), key risk indicators (KRIs) and trending metrics, in collaboration with business and IT teams to plan effective risk mitigation strategies.
  • Collate, validate and present a single-view dashboard and risk heat map of the risk indicators and metrics for consumption by the Board and management committees.
  • Review root cause analyses (RCA) for KRI threshold failures and present findings in management meetings.
  • Based on the above indicators and metrics, distil inputs on material risks in security domains into the Bank's risk register.
  • Follow up on the mitigation of identified risks, maintaining and updating the risk register.
  • Maintain and update procedures and process documentation concerned with risk assessment and management.
  • Identify opportunities to automate risk management processes and drive their implementation.

 

Required Qualifications

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 11-12 years of experience in risk assessments, maintaining and presenting risk registers, KRIs and KPIs. 2-4 years of BFSI experience would be preferable.
  • Strong knowledge of security frameworks and methodologies (e.g., RBI guidelines, NIST Cybersecurity Framework, ISO 27001).
  • Excellent understanding of cloud security principles and practices.
  • Strong analytical and problem-solving skills.
  • Ability to work independently and manage multiple projects simultaneously.
  • Certification such as CRISC or CISSP would be preferred.


Tags: CISSP Cloud Computer Science CRISC ISO 27001 KPIs NIST Risk assessment Risk management

Region: Asia/Pacific
Country: India
