Job Description
Business Function
Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.
Requirements
Job Purpose
The IT Risk Manager is responsible for end‑to‑end management of Technology risks, including conducting RCSAs, identifying, monitoring, mitigating risks, and ensuring adherence to internal and regulatory policies. The role oversees audits, compliance requirements, issue identification and closure, and supports regulatory and internal reporting obligations. It requires strong coordination across Technology, Operations, Compliance, and stakeholders to ensure a resilient and well‑governed Technology environment
Technology Governance & Risk Management
- Conduct and manage the full lifecycle of the Risk Control Self‑Assessment (RCSA), including control identification, testing, effectiveness assessment, and documentation.
- Identify, monitor, track, and mitigate Technology risks across applications, infrastructure, processes, and third‑party engagements.
- Facilitate and sign‑off risk acceptance (RA) proposals in accordance with internal policies and governance requirements.
- Review, monitor, and support remediation for Change Management, Incident Management, and Problem Management activities to ensure risks are assessed and adequately addressed.
- Drive timely creation and execution of mitigation plans, ensuring closure of risk items within committed timelines.
- Strengthen ongoing risk monitoring through proactive checks, stakeholder dialogues, and thematic risk assessments
Audit & Compliance:
- Manage all types of audits including regulatory (RBI/SEBI/MAS), internal audit, statutory audit, and concurrent audit. Support requirements for certifications including PCI DSS, ISO.
- Front-end audit engagements by coordinating with auditors, managing walkthroughs, responses, and preparing teams for examination activities.
- Conduct proactive internal checks prior to audits to assess readiness, validate evidence, and identify potential gaps in advance.
- Lead evidence collection, quality assurance, submission, escalation handling, and end‑to‑end closure of observations.
- Ensure accurate and timely reporting of audit statuses, progress updates, and action closure to senior stakeholders.
- Minimize repeat findings through structured remediation, control enhancements, and process health checks
Self‑Identification of Issues:
- Proactively identify issues, control gaps, deviations, and process weaknesses through continuous monitoring, thematic reviews, and internal assessments.
- Track and monitor identified issues to ensure timely and effective closure with accountability across Technology teams.
- Maintain accurate issue logs, update dashboards, and ensure evidence‑backed closure as per governance requirements.
- Promote a culture of proactive risk detection and transparent reporting across Technology units.
Regulatory & Internal Reporting
- Prepare and submit regulatory reports including RBI tranche reporting, Cyber Security KRO and any other Technology‑related compliance submissions, and supervisory artefacts as required.
- Manage and track Key Risk Indicators (KRIs), perform trend analysis, and highlight emerging risks through structured KRI governance.
- Support internal risk reporting including dashboards, governance packs, periodic updates for senior management, and management forums.
- Ensure accuracy, completeness, and timely delivery of all regulatory and internal risk reporting commitments
- Developing internal controls checks to check adherence and reporting from time to time
- Driving Automation of control checks and adaption of AI, data and automation in to governance and risk practices
Risk Awareness & Culture
- Drive a strong risk‑aware culture across Technology by promoting proactive identification of risks, early escalation, and transparent communication.
- Conduct regular training sessions, awareness programs, and targeted workshops to strengthen understanding of Technology Risk, compliance expectations, and audit preparedness.
- Partner with leaders and teams to embed risk‑first thinking into day‑to‑day operations, project governance, and decision‑making processes.
- Foster continuous learning by sharing lessons from incidents, audits, and thematic assessments to prevent recurrence and enhance capability maturity.
- Encourage teams to internalize accountability for controls, risk ownership, and adherence to regulatory and internal standards.
Collaboration and Communication:
- Collaborating with cross-functional teams to ensure Tech risk deliverables are met within committed deadlines
- Ensuring effective communication and collaboration across different technology teams and stakeholders
- Driving initiatives to enhance Tech Risk culture across units and create environment for proactive actions with regards to Tech Risks
Required Experience
- 5–8 years of relevant experience in IT Risk Management, Technology Audit, Compliance, or related roles.
- Strong understanding of RCSA, risk frameworks, incident/change/problem management processes.
- Hands‑on experience managing regulatory, statutory, internal, and concurrent audits.
- Experience with issue management, control testing, evidence management, and audit readiness.
- Strong analytical skills and the ability to synthesize risk information for leadership consumption.
- Familiarity with regulatory reporting (RBI/SEBI/MAS) and Technology-specific reporting standards
- Ability to identify control gaps and find solutions to mitigate the same
- Drive automation and adaption to new technologies to drive effective monitoring and risk oversight
- Experience with audit planning and reporting.
Education / Preferred Qualifications
- Bachelor's degree in IT, Computer Science, Engineering, or related field.
- Preferred: Master's in Technology/IS or MBA.
- Certifications like CISA, CRISC, CISM, CISSP, ISO Lead Auditor are beneficial
Core Competencies
- Strong analytical and problem‑solving capabilities
- Ability to engage with senior stakeholders with clarity and confidence
- High attention to detail, discipline, and adherence to regulatory rigor.
- Ability to manage multiple priorities and meet strict timelines.
- Strong collaborative mindset with a risk‑aware work ethic.
- Strong communication and interpersonal skills
- Change / Innovation Orientation
Technical Competencies
- Strong understanding of IT controls, risk frameworks, audit methodologies, and regulatory standards.
- Proficiency in data analytics and use of automation/AI tools for risk and compliance monitoring.
- Knowledge of ITGCs, application controls, access/privilege management, and infrastructure governance.
- Familiarity with GRC tools, audit management platforms, and compliance systems.
- Prior experience in risk management / governance/ compliance in banking industry Prior experience of 5 to 8 years in governance/ compliance in banking industry
Location:
Mumbai
Job:
Technology
Schedule:
Regular
Employee Status:
Full time
