Information Technology Risk Manager

Role: IT Audit & Risk ManagerExp range: 12+ yearsWork Location: BangaloreWork timings: 12 to 9pm ISTWork model: HybridPosition SummaryThe IT Audit and Risk Manager is an essential role to assist our business with making risk informed decisions. The position is responsible for supporting the security direction of the business and elevating the company’s security posture across multiple jurisdictions. The position requires an understanding of managing cyber risk in new technologies and legacy systems. The Cyber Security IT Audit and Risk Manager is expected to support the security strategy of the business within new and existing information system capabilities and responsible for leading internal audit efforts and coordinating with audit partners.The ideal candidate has a strong IT security audits and risk management background, proven experience of experience in security, compliance, risk management and audit. The role oversees the business’ security audit requirements and obligations mandated by standards, regulations and experience developing IT cyber security policies.In tandem with security leadership, the Cyber Security IT Audit and Risk Manager consistently assesses, audits, and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the Cyber Security IT Audit and Risk Manager monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business via effective delegation and empowering cross matrixed teams. Success will be driven by strong servant leadership principles and guidance which compels teams to action. As a primary point of contact for security risks, you will monitor progress and enforce resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the information security team, the role must focus on strong risk management and corporate resiliency, and not be driven solely by compliance.Essential Job DutiesBuild relationships with global teams across Business Operations, Compliance, IT and Legal to manage technology risks and regulatory compliance.Ensure collection, validation, adequacy and accuracy of information that are submitted to audit partners.Customize and manage GRC tools as part of day today work.Engage with IT project teams to identify and mitigate cyber security risks and build solutions that are compliant with global regulatory requirements.Improve compliance of IT processes and identify opportunities for technology compliance control automation.Manage and execute delivery of assigned internal, external, and jurisdictional audits as per published audit plan.Design high-quality test plans and direct technology control test activities.Build and maintain controls that map to compliance requirements, provide implementation recommendations and monitor evidence.Continuously improve the IT Security control framework in alignment with industry trendsContribute to coordination with jurisdictional Business, Risk, Compliance stakeholders and audit partners.Keep up to date with external technology and compliance regulations, data privacy and security best practices.Define and publish quantitative and qualitative technology compliance metrics..Identify strengths and weaknesses in IT technology operations and projects as they relate to privacy, security, business resiliency and regulatory compliance.Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.Work in tandem with GRC and business leadership to perform ongoing security program assessments and audits and create annual strategic technology and budgetary directives.Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices, and procedures.Skills and ExperienceAt least 12 years’ experience in IT audit, risk management.Prior experience leading internal and/or external IT audits in a large organization and interacting with audit partnersExtensive knowledge and understanding of audit standards and practices, and control frameworks (ISO, NIST, COSO, COBIT, etc.). Additional experience in one or more of the following: ISO 27001 or NIST and experience in creating/ managing SOC frameworks.Highly trustworthy; leads by example and empowers team members by involving them in various audit programs to enable them to identify and manage risk in the organization IT audit control framework.Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.Extensive knowledge of global technology laws and regulations, including but not limited to PCI, SOX, FFIEC, ISO 27001, SWIFT, GDPR, AIFMD, PSD2, EBA, ESMA, MAS, CSSF, CIMA, CBI. Additional experience in one or more of the following: ISO 27001 or NIST.Understanding of security concepts of threat categories (such as malware, phishing attacks, Defense-in Depth, MITRE ATT&CK framework).Extensive knowledge and understanding of technology policies, standards, and guidelines and experienceExperience with regulations and regulatory expectations regarding technology in the region of your accountability.Prior experience working with GRC systems and knowledge of best practices in configuration.Education and Certification RequirementsBachelor’s degree in computer science or equivalent industry experience.Holds one or more security, audit and risk industry certifications such as: CISSP, CISM, CRISC, CISA, CIA, CIPP, CIPT, CIPM, CERA, CRM, GRCP, or GRCA.About UsCSC is a global business, legal, and financial services company based in Wilmington, Delaware, USA, providing knowledge-based solutions to clients worldwide. We have offices and capabilities in over 140 jurisdictions in the Americas, Europe, Asia Pacific, and the Middle East, and more than 8,000 colleagues. We are the business behind business.®Visit our careers site to learn more about CSC and our commitment to our clients, communities, and each other.CSC is committed to creating a feeling of belonging through a diverse and growth-oriented environment where everyone is valued.CSC colleagues have global career opportunities and excellent benefits, including annual success-sharing bonuses or commission plans based on individual performance. To learn more, visit cscglobal.com/service/careers.We offer a range of support to colleagues with disabilities, ensuring people have the necessary resources to thrive in their roles. We encourage candidates to work closely with our talent acquisition partners to convey their specific needs. Our commitment to accessibility reflects our broader dedication to diversity and belonging,CSC only accepts resumes from employment agencies that are part of our approved supplier program. Resumes submitted from other agencies either to talent acquisition, our hiring leaders, employees, or through any other mechanism other than our supplier process, will not be eligible to claim related fees and the submitted resumes will be considered property of CSC.We encourage candidates to apply directly to our website and not through third-party sources.Why Work with CSC?At CSC, we don’t just keep businesses running—we help them thrive. For more than 125 years, we’ve been the trusted partner for 90% of the Fortune 500®, leading financial institutions and businesses worldwide. As the global leader in business, legal, financial, and digital brand services across 140+ jurisdictions, we set industry benchmarks through innovation, integrity, and excellence.Privately held and professionally managed since 1899, CSC is the business behind business®, delivering knowledge-based solutions from our headquarters in Wilmington, Delaware, USA, to clients across the globe. Our success is built on a people-first culture that fosters growth, collaboration, and agility. Recognized as a Top Employer in India, we are committed to creating an exceptional workplace where talent flourishes.Important notice: CSC only accepts resumes from agencies in our approved supplier program. Resumes submitted through unauthorized sources—including direct submissions to hiring leaders or employees—will be considered property of CSC, with no fees eligible for claims. We encourage candidates to apply through our website for a seamless hiring experience.🔗 Explore opportunities: [CSC Careers link]Why work for us?At CSC, we invest in your growth, well-being, and success. Here’s what sets us apart:Global legacy: Join a powerhouse shaping industries worldwide.Career growth and mobility: Access internal promotions, leadership programs, and skill-building opportunities to accelerate your career.Recognition and rewards: Enjoy performance-based bonuses, and employee recognition programs.Work-life balance: Benefit from hybrid work models and state-of-the-art collaborative spaces.Continuous learning: Gain tuition reimbursement, professional certifications, and expert-led development programs in leadership, technical skills, and more.Inclusive culture: Be part of a workplace where diversity, equity, and belonging fuel innovation and success.Community impact: Make a difference through CSC Gives Back, including our partnership with Kiva, to empower underserved communities through microloans.Disclaimer: This job description serves as a general guideline and may evolve based on business needs.