Conduct thematic risk assessments in key identified areas of improvement, per internal or external audit observations, and determine effectiveness of Bank defences through interaction, interviews and on-ground assessment of operational effectiveness of IT and cybersecurity solutions.
Work with industry partners to identify emerging areas of cybersecurity risk and devise framework to assess risk to the Bank in these identified areas.
Liaise with IT and business stakeholders for conduct of assessments and closure of observations.
Conduct comprehensive risk assessments to identify and mitigate information security risks at the enterprise level.
Propose and steer implementation of controls, key performance indicators (KPIs), key risk indicators (KRIs) and trending metrics, in collaboration with business and IT teams to plan effective risk mitigation strategies.
Collate, validate and present single-view dashboard and risk heat map of the risk indicators and metrics for consumption of Board and management committees.
Review root cause analyses (RCA) for KRI threshold failures and present findings in management meetings.
Basis above indicators and metrics, distil inputs on material risks in security domains to the Risk register of the Bank.
Follow-up on the mitigation of identified risks, maintaining and updating the risk register.
Maintain and update procedures and process documentation concerned with risk assessment and management.
Identify opportunities to automate risk management processes and drive their implementation.
Required Qualifications
Bachelor’s degree in Computer Science, Information Security, or a related field.
11-12 years of experience in risk assessments, maintaining and presenting risk registers, KRIs and KPIs. 2-4 years of BFSI experience would be preferable
Strong knowledge of security frameworks and methodologies (e.g., RBI guidelines, NIST Cybersecurity Framework, ISO 27001)
Excellent understanding of cloud security principles and practices.
Strong analytical and problem-solving skills.
Ability to work independently and manage multiple projects simultaneously.
Certification such as CRISC or CISSP would be preferred.