Specialist - Mumbai | Zoek India
Specialist, Cyber Security Engineer-IT Security
Mumbai, Maharashtra, India
Permanent (Full time)
Specialist, Cyber Security Engineer-IT Security-(WD15623)
Job Duties and Responsibilities
IT Risk Management
- Annually refresh IT/IS policies and procedures, place them before the IT Strategy/Steering committee for approval, and submit them to the Board for adoption.
- Perform IT risk assessments and process reviews to confirm compliance with IT policies and procedures.
- Work closely with Information Security / CISO functions and IT tower leads on risk mitigation plans for identified risks and lodge them in the GRC tool.
- Track and follow up with risk / action owners to check status of the risk mitigation plan and update IT management on the status.
- Proactively highlight anticipated delays in risk mitigation plans, get the target completion date extended with formal approvals, and update the GRC system.
- Report key risks in IT Steering / Strategy committee and other risk management committees.
- Apply the principles of risk management to transfer, mitigate or accept identified risks.
- Work with BU / SU / technology towers on the impact assessment and assign a risk severity to each risk acceptance request (policy exception) as per the operational risk management framework. Get the risk acceptance approved as per the risk approval matrix and lodge it in the GRC tool.
- Coordinate and work with external and internal IT auditors, and review and manage audit responses from IT tower leaders before audit submissions. Participate in the audit closure meetings to discuss the impact and risk severity of audit issues.
- Own and act as custodian of the IT Risk Control Self Assessment (RCSA) exercise. Review and update key risks and focus areas along with IT tower leads.
- Manage bi-annual IT RCSA testing of key risks and have the gaps reported in the GRC tool for risk mitigation.
- On a need basis, act as authoriser for the access management function and approve access requests for local applications (this is not a core activity; the role will be required to act as backup for some of the local applications).
Experience
Min 8-10 years of experience in IT Risk Management. Experience in the Banking / Financial Services domain would be an added advantage.
/ B. Tech
/ M. Tech
CISSP / CISA