IT Internal Controls & Risk Manager

Responsibilities:

• Execute, Manage, and Coordinate all regulatory non-inspection deliveries including regulatory assessments and attestations, regulatory mandates, regulatory advisories, ad hoc regulatory questionnaires, regulatory correspondence and reporting etc. This also includes all correspondence to relevant business segments of the bank.
• Execute, Manage, and Coordinate towards establishing and maintaining centralized IT design level controls inventory / repository and performing continuous proactive monitoring on renewals / revisions of the relevant design level controls. This also includes all correspondence to the relevant business segments of the bank.
• Execute, Manage, and Coordinate in performing continuous self-assessment on approved and valid IT framework, policies and procedures including on-ground validation towards strengthening operating efficacy.
• Execute, Manage, and Coordinate towards collation, articulation, review and issuance of consolidated report detailing gaps and recommendations for improvisation of relevant design level controls.
• Execute, Manage, and Coordinate towards establishing and maintaining a centralized IT Knowledge Database (KDB) for IT Division in organizing information available and accessible for IT senior management.
• Execute, Manage, and Coordinate towards automation initiatives for required IT processes towards TAT reduction where deemed necessary.
• Execute, Manage, and Coordinate in completion of the annual assessment process with validation for Institutional Control for Financial Reporting (Entity Level Controls). This also includes all correspondence to relevant business segments of the bank.
• Execute, Manage, and Coordinate towards performing continuous proactive monitoring of IT Budget utilization post budget approval facilitating relevant business segments of the bank towards financial memo processing or payments. This also includes all correspondence to relevant business segment of the bank.
• Execute, Manage, and Coordinate end-to-end management of IT and Security ICS for group reporting. This also includes all correspondence to relevant business segments of the bank.
• Execute, Manage, and Coordinate towards establishing and maintaining centralized IT regulations management (including regulatory mandates, group mandates and international standards if any) inventory / repository and perform gap assessments in coordination with relevant IT sub-verticals. This also includes all correspondence to relevant business segments of the bank.
• Execute, Manage, and Coordinate re-assessment of IT relevant regulations including on-ground validation towards maturing operating efficacy and assuring compliance to relevant auditors or external agency (where deemed necessary), strengthening the gap of changes in bank’s technology landscape. This also includes all correspondence to relevant business segments of the bank.
• Execute, Manage, and Coordinate towards establishing and implementation of IT Risk Management process in alignment with organization’s operational risk management framework.
• Execute, Manage, and Coordinate towards management of operational processes such as Operational Risk Event Reporting (ORE), Key Risk Indicators (KRI), Risk Control Self-Assessment (RCSA), Institutional Risk Assessment Framework (IRAF), Process Management (PM), Process Landscape (PL) etc. This also includes all correspondence to relevant business segments of the bank.
• Execute, Manage, and Coordinate towards performing risk assessments for all applicable technology processes or sub-processes where deemed necessary.
• Execute, Manage, coordinate end-to-end management of IT Risk Register with continuous risk identification, assessment, prioritization, remediation, tracking and monitoring of IT risks towards minimizing inherent risk. This also includes all correspondence to relevant business segments of the bank.
• Lead, drive and coordinate the assessment of all the ‘High’ rating risks, audit observations, threats and vulnerabilities after every occurrence and mapping of established internal controls against them for swift mitigation and resolution.