Senior Analyst- Technology Risk Management
First Abu Dhabi Bank
- Bangalore, Karnataka
- Permanent
- Full-time
- Implement GRC activity oversight mechanism across the unit and ensure implementation of proper tracking & reporting systems.
- Track and complete GT BIA/BCP related requirements as per the GBCM timelines.
- Track, monitor and report GT related periodic UAE regulatory requests & reporting.
- Actively work with the team to improve GT Risk Remediation activities and implement proper governance mechanisms.
- Ensure timely completion of IT Risk Operations activities.
- Manage Data Leakage Prevention (DLP) notifications and implement improvement initiatives to optimize the monitoring policies.
- Ensure timely remediation of DLP alerts and necessary actions as per the organization policies.
- Act as a point of contact for GIA for TechGRC audit activities.
- Implement proper tracking mechanism for Operational Risk Incidents to ensure compliance with GORM policies.
- Ensure all the GRC systems used by 3 lines of defense are in sync and execute periodic reconciliation activities.
- Work with the teams to have definitive plans for GIA issues and other key risk items to ensure timely remediation.
- Identify and implement automation initiatives to improve overall GRC operations.
- Implement initiatives to improve ways of working with 2nd line & 3rd line functions.
- Produce timely and accurate MIS for GRC related activities to be covered as part of regular reporting.
- Review and provide inputs on IT risk management framework to ensure efficiency and effectiveness of the process performance
- Review and provide inputs on technology policies, processes & standards to ensure proper coverage of technology controls and metrics
- Conduct regular reviews and assessments to assess adherence to Group policies and standards for effective implementation within Group Technology (GT)
- Review and provide input on standard technology risk and control library
- Implement the cyber risk assessment model and analysis approaches
- Conduct various assurance initiatives and internal reviews across GT
- Identify and implement control automation initiatives across GT
- Participate in conducting due diligence of cloud service providers and ongoing cloud service providers assessments.
- Assess cloud solutions and determine risk of technology architecture, implementation, and suitability for the organization.
- Review cloud service providers contracts for compliance with Group policies/processes and ensure relevant controls are considered in the contract with cloud service providers.
- Assess the risk implications of digital innovation and its impact on technology risk profile of the bank. Provide recommendations to optimize the risks and ensure technology policy and process alignment.
- Conduct in-depth technical security reviews, risk assessments, and architecture reviews for Cloud based technologies and solutions to ensure alignment with information security policies and technology guidelines.
- Provide inputs to development and maintenance of policies, frameworks, methods and standards for the DevOps and agile practices.
- Ensure risk and security control requirements are considered during the early stages of the development lifecycle
- Review possible bottlenecks of running the application in production and suggest service improvement plans.
- Work with service teams on various risk and control assessments activities and ensure technology risks are managed as per FAB policies and standards.
- Participate in Project & Change reviews to ensure appropriate treatment of technology risks.
- Execute periodic risk assessment activities to identify vulnerabilities, threats and control effectiveness.
- Assess the severity of each risk by assessing likelihood and impact. Work with stakeholders on the residual risk ratings and potential risk exposure.
- Support development of risk treatment strategies to maintain the bank's risk posture at the desired level.
- Ensure proper implementation of risk treatment options such as mitigation, transfer, acceptance etc. and help IT teams in mitigation or acceptance of risks/issues.
- Review risk items and define Key Risk Indicators (KRI) to monitor high risk areas.
- Produce periodic risk profile reports and KRI reports to senior management.
- Work with technology teams to review Major incidents Reports and identify risk/control measures to prevent incident reoccurrence.
- Timely remediation of DLP alerts and associated actions.
- Participation in relevant service line specific EA community sessions to address the GRC requirements
- Completion of Risk and Control Self-Assessments as per the agreed schedule
- Remediation of Technology GRC risk issues as per the established timelines
- Adequately monitor and supervise remediation of Technology Service Line risk issues as per the agreed timelines
- Ontime completion of KRI reporting and GORM incident management reporting
- Completion of regulatory reporting activities as per the timelines
- Adherence to GRC automation initiatives implementation plans
- Ontime completion of mandatory trainings and meeting certification requirement
- Ensure external audit and regulatory certifications are completed on time without non-compliance (PCI DSS, KPMG Statutory Audit, Swift CSF and NESA)
- Coordinate with service lines to gather RFI's and management response for GIA (Group Internal Audit's) on time.
- 8 - 10 years of working experience in IT Security, Risk and Governance practices.
- Experience with DLP (Data Leakage Prevention) management activities.
- Knowledge and expertise in virtualization and cloud computing environments (different cloud models and types).
- Hands on experience in using various Cloud Security best practices such as Cloud Security Alliance (CSA) guidelines and National Institute of Standards and Technology (NIST) guidelines.
- Demonstrated experience in conducting technical risk assessments for various Cloud platforms.
- Good understanding of process models and industry standards relating to IT Security, Risk and Governance.
- Good understanding of security and risk management in financial institutions.
- Excellent interpersonal skills and good oral and written communication skills.
- Achievement of industry recognized certifications such as CISSP, CRISC, CCSP, CCSK, CISA etc.
- Achievement of AWS and Azure cloud certifications is preferable.
- Relationship management
- Influencing skills
- Big picture thinker with attention to details
- Strong change and communication skills
- Strong analysis skills
- Strong interpersonal skills