IT & Risk Control officer, AVP

Description The IT Risk and Control officer provides data analysis, identifies and evaluates potential areas of non-compliance or risk, assessing impact, probability and defined risk tolerance and presents findings and proposals for risk mitigation measures. The Divisional Regulatory, Risk and Control Analyst is responsible for supporting the delivery of the risk and control initiatives. This includes participation in risk and control activities, risk-based control reporting of key issues, performance and validation of cyclical activities such as annual control self-assessments. Achieve & Maintain coverage and compliance targets for IT Controls, especially IT Security Controls. Also be an influencer through offering advise & support to enable TDI PB to build & maintain value-adding and compliant software. What we’ll offer you As part of our flexible scheme, here are just some of the benefits that you’ll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under child care assistance benefit (gender neutral) Flexible working arrangements Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your key responsibilities Foster continuous compliance for TDI PB in accordance with PB risk appetite Advice, support, tracking and management reporting on IT Asset Governance processes Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement Drive the risk culture and risk awareness Represent TDI PB on risk and control topics to TDI Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services Excellent potential for 1) playing lead role in designated tasks in gathering, organizing and analyzing data; 2) strong potential for growth and acceptance of additional responsibilities Ensure application & vendor compliance to DB IT security policies & procedures Responsible for Vendor Risk Management compliance & approvals within the bank. Ensuring compliance to New Application Repository compliance Ensuring compliance of application penetration testing and co-ordinating with CISO & application vendor team to ensure tracking and closure of open risk points within the application Ensuring completion of Risk Assessment and Compliance Evaluation of Applications in co-ordination with the IT application owner. Single point of contact for internal/external/regulatory Retail IT Audit compliance. Responsible for demonstrating continuous improvement in state of monitoring of information security events. Responsible to timely reporting and resolution of security incidents to IT management teams. Enabling automated log aggregation, correlation, and analysis with the help of IT application vendor. Our main work packages are: IT Finding Management IT Asset Management IT Governance Process Optimization IT Control Governance Identity and Access Management Application Security Management Audit Control & Advisory Application Decommissioning Your skills and experience Bachelor of Science or Bachelor of Engineering + MBA equivalent from an accredited college or university (or equivalent) 10+ years’ experience in the field of Information Technology/ Information Security (preferably Bank Retail application technology) Experience in the field of Information Security / SOC / Incident Response / Incident Forensics Domain knowledge in the Banking industry Excellent knowledge of MS Office (including Excel, PowerPoint, Word). Good written and spoken communication skills Proven ability with building positive working relationships and managing stakeholders. Ability of adapting to change. Be open minded to new solutions and ideas, think “outside of the box”. Willing to share information, transfer knowledge and expertise. Proactive approach and ability to take ownership of assignments. Maintain a structured and systematic approach without being dogmatic A working knowledge of most aspects of information security is essential, as is the ability to apply this knowledge in an open network environment Information Security technical Certifications such as CEH, ECSA, CISA, CISSP etc. Strong working knowledge of various security technologies including architecture, incident management, and forensics.Experience or technical knowledge in financial environments is a plusProfessional level of English How we’ll support you Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs