About Us
Established in the year 2000 in the US, we have global offices in the US, India, UK, Australia, Mexico, Vietnam, and Canada, with best-in-class infrastructure and development facilities spread across the globe. We are an end-to-end solution provider in Banking & Financial Services, Telecom, Healthcare, Manufacturing & Energy verticals and have successfully delivered $1 billion worth of projects for more than 20 Fortune 500 companies.
Position Name
Enterprise Risk Management Analyst
Experience
18+ Years
Location
Bangalore
Shift Timings
Custom
Job Description
- Develop, own, and update the enterprise IT risk management framework in line with leading standards (e.g., ISO 31000, NIST CSF, COBIT, ISO 27001) and regulatory requirements such as GDPR and NIS2.
- Define the organisation's IT risk appetite and criteria in partnership with senior leadership and the CISO, and provide strategic risk insights to executive and board-level committees.
- Lead enterprise-wide IT risk identification and assessment (qualitative and quantitative), and maintain the IT risk register, heat maps, and KRIs.
- Develop and oversee risk treatment plans, drive mitigation control implementation, and embed IT risk into project governance and change management processes.
- Manage third-party IT risk assessments and vendor due diligence, and ensure contractual risk clauses and ongoing monitoring of critical suppliers.
- Oversee IT control self-assessments, coordinate testing and remediation with Internal Audit and GRC, track control performance, and report on residual risk.
- Support major incident response, business continuity, and disaster recovery planning from an IT risk perspective.
- Prepare and present executive IT risk reports, facilitate risk training and workshops, and handle regulatory, client, and audit requests.
- Monitor evolving IT and regulatory requirements, assess emerging risks, recommend controls, and ensure compliance with mandatory reporting obligations.
- Mentor junior team members, foster strong stakeholder relationships, and drive continuous improvement in IT risk processes and tools.
Audit & Assessment
Policy Management
Regulatory Compliance
Risk Management
Key Skills
- Analytical & Quantitative Acumen: Proficiency in risk modelling, data visualization, and statistical analysis to translate complex risks into actionable insights.
- Strategic Influence: Ability to engage C-suite and board members with clear, compelling risk narratives.
- Project Management: Skilled in leading cross-functional initiatives/projects and driving cultural shifts toward proactive Risk Management.
- Attention to Detail: Meticulous in control testing, documentation, and audit trails.
- Adaptability: Thrives in ambiguous, fast-paced settings with evolving regulatory landscapes.
Soft Skills
Good Communication
Qualification
Education: Bachelor's or master's degree in a related field.
Certifications
Certification in any of CISA, CRISC, CISM, CISSP, and ISO 27001 Lead Auditor/Lead Implementer is highly desirable.