IT Risk Specialist

Greetings from SmartStream Technologies India Pvt. Ltd.

Job Type - Office working (Hybrid)

An IT Risk Specialist is responsible for identifying, assessing, and mitigating potential risks to an organization's information technology systems and data. They ensure the security, privacy, and integrity of IT infrastructure while adhering to relevant regulatory standards and industry best practices.

 Monitor industry compliance (PCI-DSS, ISO 27001, SSAE, NIST) requirements and cyber security trends.

 Review cloud security solutions with respect to PCI and Cloud Security Attestation (CSA).

 Support the PCI Network, IT Infrastructure and Applications with security solutions, that offers SaaS OnDemand platform to card customers.

Job Responsibilities

 Develop a master control list, including clearly written failure points and testing procedures that effectively address the security, risks, controls, and compliance issues.

 Identify and assess risks related to IT systems, networks, and data.

 Perform risk assessments and vulnerability assessments for technology infrastructure and processes. Prioritize risks based on their potential impact on the business.

 Assist with documenting and regularly reviewing security policies, processes, and procedures.

 Ensure compliance with industry standards, regulatory requirements, and internal security policies.

 Conduct periodic IT security review, firewall configurations review of PCI environment.

 Oversee the identification, investigation, and response to IT security incidents and breaches.

 Conduct post-incident analysis to determine root causes and recommend improvements.

 Review IT security controls required for cloud security, ISO 27017, ISO 27001, C5, CSA, SSAE etc.

 Perform Risk assessment of client environment and hosted SaaS offerings.

 Perform internal assessment on client IT security and compliance requirements.

 Perform ad hoc audit projects responding to emerging risks and management requests.

 Act as the primary contact between technical teams, internal and external auditors; compiling and preparing artefacts.

 Respond to customer RFPs and RFIs on PCI and Cloud security deliverables.

 Conduct relevant contract reviews regarding PCI compliance and IT security requirements.

 Partner with procurement on the 3rd party risk management program.

 Senior management reporting on the Audit observations.

Key Skills

• Ability to multi-task, prioritize tasks in a rapidly changing environment

• Good exposure of IT infra and Cloud hosting.

• Flexibility to work global hours with limited in-country travel

• Client Focus, Priority setting, Integrity and Trust

• Analytical with good problem-solving skills

• Strong interpersonal and influencing skills; Excellent Stakeholder engagement

• Proven ability to communicate effectively at all levels

• Excellent communication and presentation skills

• Self-starter and strong motivator

• Ability to identify hot spots and quickly assess the impact and provide tactical and strategic controls

• Can operate effectively in a dynamic environment with tight deadlines, and can prioritize one's own work to achieve them

Desirable Skills

• Flexibility to work global hours with limited in-country travel

• CISA, CISSP certification is a plus.

• Relevant business knowledge in fintech would be well regarded.

• Agile experience is a Plus.

Qualifications

• Graduate or above from an accredited College or University (or equivalent)

Experience

• 10-15 years in IT security audit in an investment / commercial bank or fintech environment.

• Knowledge IT risk management.

• Knowledge of IT infrastructure and application is a must.

• Knowledge of SDLC, STLC and bug life cycle

Employment Type

Permanent

Benefits

• Competitive salary

• Open work culture

• Smart casual dress code

• Health insurances

• Office in prime location