Job Description
Job Title - Risk Specialist
Location - Mumbai, India
Corporate Title - AVP
Overview
The Information Security & Technology Risk team is a 2nd Line of Defence (LoD) unit of the wider Non-Financial Risk Management (NFRM) function within the Chief Risk Office (CRO).
The team provides several Information Security and Technology Risk management services to the Group through staff located across key global hubs (Germany, UK, America, Singapore). These include (and not limited to):
• design and implementation of the Information Security & Technology Risk Framework.
• defining and monitoring the Group, Division and Business Unit's IT & IS Risk Appetite through key risk metrics.
• supplying expertise on key security, stability & resiliency topics through continuous engagement with 1st LoD stakeholders.
• input, review and challenge into the design and implementation of the Banks major information security and technology investments and risk reduction programmes.
• Providing senior management with risk expertise on current and emerging information security and technology topics (e.g. Cloud transformation, digital assets, payment technology advancements, service orientated architecture, IS & IT operational resilience)
• implementation of minimum control standards the Group must operate against
• oversight of the 1st Line of Defense execution of the Information Security & Technology Risk Framework
• independent risk and control assessments
• continuous engagement with key regulators on Information Security & Technology Risk matters.
Your key responsibilities
• Supporting the Regional Head and contribute to all activities performed in APAC region as the 2LoD for Information Security and Technology Risk.
• Supporting the production, development, and presentation of the Bank's Information Security & Technology risk metrics.
• Ensuring risks are proactively identified, reported, and managed; and contributing to adoption of advanced tools and analytical capabilities for effective risk management and reporting.
• Audit and Regulatory engagement and representing Information Security & Technology topics ISR in internal governance councils / committees, with Group Audit (3LoD) and regulators as required.
• Lead and contribute to control assessments and mitigation initiatives relating to Information Security and Technology risk including dynamic Risk and Control Assessments (RCA), deep-dives, and Scenario exercises to provide analysis of the key security or stability risks that may exist.
• Work with stakeholders in 1LoD to support implementation of the Information Security and Technology risk management framework. Providing an effective, independent review and challenge of the impact of major Technology transformation projects to ensure completeness and correctness of the Bank's risk profile.
• Supporting the team with dedicated coverage of a specific Business Division and/or Region on all Information Security & Technology Risks.
• Developing relationships with stakeholders in NFRM (Divisional and APAC Country Coverage, other risk type controllers); in the first LoD such as Group Chief Security Office (CSO), Divisional Chief Security Officers (D-CISO), Group Chief Technology Office (CTO) and Embedded Risk Teams (ERT); and with other control functions such as Compliance.
• In addition, the Risk Specialist will be asked to contribute to wider cross team activities within NFRM through the lens of Information Security & Technology such as Operational Resilience & Third-Party Risks.
Your skills and experience
• University degree (Computer Science, Business Administration, or equivalent). Majors in Information Security, Technology and/or Risk Management is a plus.
• 5+ years of direct experience in Information Security / Technology Risk Management, preferably in the finance industry, consulting, or a large technology company. Amongst others robust understanding of Cloud technology, Cyber vulnerabilities, Identity & Access, Change management, SDLC & Testing practices, High resilience architecture, Disaster recovery, application, platform and enterprise technology solutions and their underlying security concepts.
• Sound understanding of risk management principles and regulatory guidelines and frameworks for Information Security and Technology in Asia Pacific is required.
• Good knowledge of relevant assessment frameworks and/or standards (e.g., ISO/IEC 27000 Series, NIST, COBIT, SOC2) is required.
• Relevant professional certifications e.g., CISSP, CCSP, CCSK, CISA, CISM, ISO 27001 Lead Auditor or similar.
• Knowledge of Cloud architecture and experience in managing IS and Technology risks in a Cloud set-up is a plus.
• Strong communicator and presenter. Comfortable presenting to management. Good verbal and written English skills to present complex matters in a simple clear form.
• Ability to work in a pressured environment with continuous demands, able to prioritise effectively and manage time and effort efficiently.
• Experience of working in an Agile mode using Sprint methodology is beneficial.
What we offer you:
• Competitive salary
• Flexible working, mentoring programs, work-life-balance
• Supporting growth and personal development
• Intercultural and multinational work environment
How we'll support you
• Training and development to help you excel in your career
• Coaching and support from experts in your team
• A culture of continuous learning to aid progression
• A range of flexible benefits that you can tailor to suit your needs
💡 Quick Summary
Seeking a career-building opportunity? The Infrastructure Coverage position is now open for candidates interested in the Bank Jobs sector. This role in Mumbai offers a professional environment and growth potential.
Requirement Snapshot: Candidates should possess basic communication skills, a proactive attitude, and the ability to work in a team. Experience in Bank Jobs is a plus.
