AddressJob title: Head IT GRC
Reporting to: CIO Hours: General Work Time (9. 30 am to 6. 30 pm) Location: YBH, Santacruz Overall Responsibilities As part of the Technology Assurance Team the Head- IT GRC will be responsible for coordinating with Internal and External Auditors to ensure the audit process is managed smoothly.
- Work closely with various teams for collecting evidence for Internal / External Auditor.
- Coordinate with internal teams on mitigation of IT related business risk including implementation of strong controls.
- Follow-up with the process owners to ensure the open audit points are closed as per suggestions provided by Auditor and best practices.
- The individual is expected to be able to communicate effectively with senior management, audit and risk managers both verbally and written in a variety of situation including one to one, committee meetings, and formal presentations
- Key Areas of responsibilities - Internal, Concurrent & Statutory Audit - Liaise with internal and external auditors for various audit requirements of Technology and solutions group, follow-up with internal team.
- Assist the Auditors in completing a control and risk assessment testing following the documentation of the systems and processes being reviewed.
- Audit Report management- Preparing an audit issue tracker from the audit report published by the auditors.
Follow-up with the process owners to ensure the open audit points are closed as per suggestions provided by Auditor and best practices.
- Regulatory Compliance - Liaise with team to ensure compliance to regulatory requirements.
- Also, ensure timely completion of all submission to regulatory bodies.
- Reporting - Preparing dashboard for management to highlight the progress and current risk pending for compliance one periodic basis - Process Audit and review - Perform periodic internal process review to highlight any risk or gaps in the process.
- Create a test programme to check that the controls are operating in accordance with the process defined.
- Conduct joint exercise with ORM team to ensure Risk base audit for BDTS .
- Essential Skills/Experience/Qualification - Should have experience in fields related to IT General Controls, Audit, Information Security Controls and regulatory compliance , Subject matter expert on technology and information risk management.
- Strong understanding of the industry wide best practices, policies& procedures, technique in the area of risk management
- At least one of the professional qualification preferable such as CISM/CISA/CISSP/ ISO 27001 LA , Experience of documenting processes, policies, procedures, reports etc , Liaise with stakeholders, internal auditors, external auditors and various teams in facilitating and running audits - Analyze and categorize IT risks identified across all sources / processes Assist with risk management process.
- Strong written and oral communication skills and the ability to interact with senior management.
- Sound presentation skills including the ability to communicate risk posture, audit finding clearly and concisely
- Project management skills to monitor and track projects effectively , The ability to work effectively under pressure, tight schedules and flexible hours
- Excellent judgment and proven decision-making skills, Excellent English language skill is a must.
- Ability to be both an effective listener and influencer is a plus , Good understanding of IT and its operational setup in banking is a plus
- Preferred background are Risk Management assessment / Audit/Control self-assessment/Information Security experience
