As part of our Technology Risk team, you will be performing IT assessments (IT General Controls and IT Application Control testing). Working with Technology Risk team, you will also perform/ provide insights to IT Risk assessment, IT Governance, ERP reviews, Application control reviews, Cybersecurity reviews and conduct maturity assessment on the current IT posture.
- Prior experience in assessment, monitoring and reporting of the below technology risk domains (minimum 4 domains): -
- IT Risk Assessments
- SystemAcquisition & Lifecycle Management
- Problem Management (Change Management, IT Incident Management, Patch Management etc.)
- Resilience (BCP, DR, Backup & Recovery)
- Identity & Access Management
- Physical & Environmental Controls
- Third Party Management
- Capacity Management
- Logging and Monitoring
- Conduct technology reviews (performance, capacity, change etc.) and design reviews of new applications/enhancement in existing applications, APIs, infrastructure and identify design gaps.
- Provide recommendations for identifying and measuring key control indicators and key performance indicators in technology domains to assess and review performance of critical systems and applications.
- Prepare dashboards for management review.
- Review technical incidents and discuss and conclude root-cause ananlysis (RCA). Provide recommendation or suggestion to product/application team to avoid recurrence of the incident.
- Help verify the risks identified by IT stakeholders through self-assessment and discuss the findings with the internal stakeholders.
- Timely follow-up of open issues and observations flagged by internal audit, external audit, and regulators
- Identify technology risk on an ongoing basis for existing and new processes and products, or changes contemplated to existing products and processes.
- Bachelor's degree in any discipline.
- 8-12 years work experience in IT risk management.
- Minimum 5 years experience in Application design reviews.
- 4-5 years experience of BFSI Industry would be preferred.
- Knowledge of ITIL, ITSM, ISO27001, CoBIT, ITIL V3 would be preferable
- Knowledge of cloud services and cloud security controls would be preferable.
- Excellent communication skills (written and verbal) with an ability to explain complex topics to both technical and non-technical audiences
- Good analytical and presentation skills.
