Job Description
o Lead and support risk assessments of new and existing technology initiatives, products, and services.
o Conduct deep-dive risk reviews of IT and Cyber domains such as Identity & Access Management, Network Security, Incident Management, Data Protection etc.
o Advise business and IT stakeholders on risk mitigation strategies and control enhancements.
- Technology Risk Oversight
o Provide independent oversight and challenge to first line technology risk activities, controls, and remediation plans.
o Review and assess technology risk and control self-assessments (RCSAs), risk registers, and key risk indicators (KRIs).
o Monitor emerging technology risks (e.g., AI, quantum, etc.) and escalate as appropriate.
Policy & Framework Review & Developmento Contribute to the development, maintenance, and enhancement of technology risk management frameworks, policies, and standards.
o Ensure alignment with regulatory expectations (e.g., FFIEC, NIST, ISO 27001) and industry best practices.
Cyber Maturity Review & Challengeo Review quarterly cyber maturity reviews performed by first-line and challenge the outcomes with clear reasoning.
Reporting & Communicationo Prepare and present technology risk reports, dashboards, and insights for senior management and governance committees.
o Communicate complex technology risk concepts in clear, business-focused language.
Requirements
Qualifications :
Must Have Skills / Project Experience / Certifications :
Bachelor’s degree in information technology or related field5-8 years information security experience with 3+ years of experience in technology risk managementExcellent verbal and written communicationUnderstanding and knowledge of industry standards and industry frameworks (e.g., COBIT, COSO, ISO 27001, PCI, NIST)Experience of implementing and operationalizing technology risk management programs.Understanding of security requirements, contributions to security design and hands-on implementation of multiple security technologies and capabilitiesHands on experience working with stakeholders in identifying, prioritizing and developing plans and roadmaps for cyber security programsBroad domain knowledge and strong understanding of three or more cyber security domains including (but not limited to) :Cyber risk strategyCyber risk program management and deliveryCyber security operationsSecurity architectureData protectionApplication security / SDLCThird party risk managementCloud securityCyber Threat IntelligenceSecurity Operations CenterIncident ResponseCyber ResilienceGood to Have Skills / Project Experience / Certifications :
CISSP / CRISC (or equivalent)Education :
B.E. / B.Tech + MBA (Preferred)Requirements
Must Have Skills / Project Experience / Certifications :
Bachelor’s degree in information technology or related field3-5 years information security experience with 3+ years of experience in technology risk managementExcellent verbal and written communicationUnderstanding and knowledge of industry standards and industry frameworks (e.g., COBIT, COSO, ISO 27001, PCI, NIST)Experience of implementing and operationalizing technology risk management programs.Understanding of security requirements, contributions to security design and hands-on implementation of multiple security technologies and capabilitiesHands on experience working with stakeholders in identifying, prioritizing and developing plans and roadmaps for cyber security programsBroad domain knowledge and strong understanding of three or more cyber security domains including (but not limited to) :Cyber risk strategyCyber risk program management and deliveryCyber security operationsSecurity architectureData protectionApplication security / SDLCThird party risk managementCloud securityCyber Threat IntelligenceSecurity Operations CenterIncident ResponseCyber Resilience Good to Have Skills / Project Experience / Certifications :CISSP / CRISC (or equivalent) Education :B.E. / B.Tech + MBA (Preferred)