HDB Financial Services Ltd.

Senior Manager - Information Security And Governance

  • Posted 2 days ago

Job Description

Detailed Job Description

Manager - IT & IS Governance (Controls Testing Specialist)

  • Pivotal role in ensuring the effective governance, control testing framework, risk management and compliance of the organization's information security and technology infrastructure.
  • Timely responses / compliance towards any advisories received from RBI and other applicable regulatory bodies.
  • Sound knowledge of applicable RBI regulations/ circulars to NBFC business and its compliance adherence practices.
  • Ensure efforts to establish and maintain robust IT governance frameworks, control testing, policies, and procedures, ensuring alignment with industry best practices, and regulatory requirements.

Roles & Responsibilities

  • Compliance Assurance:
  • Ensure compliance with relevant laws, regulations, and industry standards, and stay updated on new or changed compliance requirements. Ensure required compliance within IS & IT team.
  • Ensure timely response/ compliance to advisories/ questionnaires received from RBI and other applicable regulatory bodies.
  • Collaborate and work along with business, legal and compliance teams to address regulatory/ compliance requirements.
  • Governance Framework:
  • Ensure adherence towards implementation of comprehensive IT & IS governance, testing control frameworks to guide decision-making processes.
  • Help drive the Governance activities across the Technology estate of the organization. Key areas of focus would be timely response towards advisories/ compliance towards RBI, CERT-In advisories/ guidelines, Control Testing & Assessment framework, Change Management, Vulnerability & Patch Management, Obsolescence, Asset Management, BCP-DR, Training awareness, TPRA etc.
  • Ensure alignment with organizational objectives, industry standards, and regulatory requirements. (Example: RBI, SEBI, CERT-IN, etc.)
  • Policy Enforcement:
  • Enforcement and monitoring of adherence to IT policies and procedures - covering areas such as information security, cyber security, data privacy & security controls, data classification, BCP-DR and IT Risk Management etc.
  • Regularly assess the implementation of policies/procedures to address emerging threats and technology trends.
  • Risk Management:
  • Help identify and evaluate IT/IS-related risks.
  • Assist the information security function in developing and maintaining the security and risk management program, including risk analysis and tracking process.
  • Help implement risk mitigation strategies and monitor the effectiveness of risk controls.
  • Prepare a dashboard for the management on a periodic basis.
  • Review and track IT & IS risks and exceptions and prepare a dashboard for the management.
  • Control Testing and Assessment:
  • Design, plan and execute control testing activities to evaluate effectiveness of process/procedures as outlined by the organization.
  • Coordinate with internal teams to perform walkthroughs and document control processes to understand the design and implementation of the organization's controls related to IS & IT requirements.
  • Clearly communicate detailed test plans, testing methodology and report on the control performance.
  • Validate remediation of identified control deficiencies and report gaps to the stakeholders and follow-up for closure.
  • Audit and Assurance:
  • Coordinate with internal, external and RBI auditors on IS & IT requirements.
  • Ensure timely submission of artefacts/evidence as per requirements.
  • Track, report and ensure compliance of observations/gaps raised by the auditors.
  • Training and Awareness:
  • Develop and deliver training programs to enhance IT & IS governance awareness across the organization.
  • Foster a culture of cybersecurity and compliance among staff.
  • Management Presentation:
  • Liaise with various internal stakeholders to prepare decks for various Board-level committees.
  • Track actionable items from various committees of the organisation and ensure compliance/logical closure for the same.

Additional Skill-set

  • Bachelor's degree in Information Technology, Computer Science, or a related field. Master's degree or relevant certifications (e.g., CISM, CRISC) is a plus.
  • Proven experience of 8+ years in a similar role with a focus on IS & IT governance.
  • Must have knowledge of areas as outlined, but not limited to:
    • Information Security (Confidentiality, Integrity, Availability and Privacy)
    • Strong understanding of IT and operational controls
    • Security Testing (White box, Black box and Code review)
    • Application architecture, application security, network security
    • In-depth knowledge of relevant laws, regulations, and industry standards.
    • Applicable RBI regulations/ circulars to NBFC business and its compliance adherence practices.
  • Should have good understanding of ISO 27001 ISMS, NIST Cybersecurity Framework, ISO 22301, GDPR, DPDP Act 2023 etc.
  • Strong understanding of risk management principles and methodologies.
  • Excellent interpersonal and communication skills.
  • Ability to collaborate effectively with cross-functional teams.

Job ID: 141992741