דרושים Compliance Leader ב-Ibm ב-India, Bengaluru

You will work across our global teams and diverse stakeholders- security focals, executive program and delivery managers, regulatory and compliance certifications experts, product management, IT, and business teams to monitor, drive plans and deliver key security compliance metrics, analyze audit data, identify gaps, and contribute to the continuous improvement of IBM cloud security and compliance posture. Additionally, you will leverage your analytical skills to create dashboards, generate compliance reports, and support internal and external audits through data-driven insights.

• Generate compliance reports from an existing dashboard or build requirements to create a new reporting dashboard

• Proactively Monitor, track, and report on security compliance status across systems and processes.

• Analyze large datasets to identify trends, anomalies, and compliance risks.

• Support security audits, assessments, and certification efforts through data collection and analysis.

• Possess strong communication skill, collaborate with cross-functional matrix teams to drive root cause analysis, corrective actions and improvements based on data insights.

• Maintain and enhance compliance reporting dashboards and metrics for leadership visibility and decision making.

• Experience working with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology

• Working with the Development teams to ensure automation of evidence collection and evidence management is always in line with compliance expectations, otherwise, identifies specific actions and owners to meet the expectations.

• Assisting team members in addressing highly complex security issues applicable to enterprise environment

• Ability to utilize project management principles to properly scope compliance work efforts by service lines, identify common areas of work, and create a measurable milestone plans across service lines to enable completion of compliance work items on time.

• Ability to manage multiple priority projects simultaneously under a short timeline

• Experience/familiar with enterprise risk management (ERM) framework, service delivery operations, software development lifecycle and be able to understand when to request and integrate risk items into compliance reporting.

• Experience with compliance programs such as FedRAMP/ FISMA, HIPAA, GDPR, SOC 2, PCI, NIST, ISO, ITAR, etc.

• Conducting regular reviews on compliance progression of systems and hosting internal audit/assessment as required to maintain compliance certifications.

• Ability to translate and interpret regulatory compliance requirements into technical controls

• Ability to understand cloud enterprise business computing operations/requirements, and effectively communicate to service lines what is expected in order to consider a work item complete. Also, will possess good understanding of networking security including security systems such as firewalls, intrusion detection, vulnerability scanning, OS patching, health-checking

• Diagnosing the root cause of problems and propose solutions: Examples would be failed patches, tooling issues, false positives on system tests, authentication problems. Drive and track audit, security and compliance finding remediation to closure.

• Experience with enterprise configuration Management database (CMDB) or IT Asset inventory Management. Understand CMDB's structure, data quality, relationships between CIs (Configuration Items), and updates. Use the CMDB for risk, audit, and compliance analysis and reporting

• Proficiency in SQL, Excel (advanced level: pivot tables, macros), and ServiceNow— data analytics and visualization functionalities

• Ability to process large datasets, identify and handle missing data, data transformation, normalization, and data quality checks.

• Ability to perform data analysis to discover patterns and trends to mitigate security risks and drive business results

• Work with stakeholders to define key metrics and KPIs; develop dashboards and reports for business users.

• Collaborate with database engineers, data owners, security focal, product managers, and broader metrics teams to understand data needs.

• Results oriented with intense focus on achieving both short and long term goals. He/she should be able to drive and execute an agenda in a fast paced, dynamic environment.

• Strong project management skills with ability to design visual and appealing presentations

• Strong collaboration, problem-solving and critical-thinking abilities.

• Excellent communication skills — ability to explain technical findings to non-technical audiences.

• Good time management, organizational skills, and ability to prioritize tasks.

• Curiosity and a continuous learning mindset.

• A highly organized with strong attention to detail, analytical and project management skills

• Work independently within a team focused organization.

• Experience or familiar with cloud service models; IaaS preferred.

• Project management and consulting experience is a plus

• Experience with process automation is a plus

• Experience with Linux Shell, Perl or Python is a plus

:

· Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA

· Having the ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc

· Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner

· Developing, implementing, maintaining, and overseeing enforcement of security policies

· Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology

· Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates.

· Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials

· Providing training to teams as needed

· Assisting team members and internal clients in addressing highly complex security issues applicable to enterprise environment

· Minimum of 12 years of relevant compliance experience and cybersecurity knowledge

· Compliance leaders do not require dev experience, but it is an advantage. 10+ years of security compliance audit experience is a must

· Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc

· Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI

· Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology

· Ability to understand enterprise business computing operations/requirements, and in particular, Cloud

· Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions

· Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

• Working in a change-controlled production environment.
• Diagnosing the root cause of problems and propose solutions: Examples would be failed patches, tooling issues, false positives on system tests, authentication problems.
• Expertise in system configuration, especially privilege control (for example sudoer configuration), and system level firewall (iptables)
• An understanding of basic networking concepts: ipsec tunnels, firewalls, routers, public and private addressing.

· Project Management knowledge and experience a strong plus

· container based architectures and implementations such as kubernetes, docker, etc.

Education qualification.

• Computer science BSc or equivalent
• Security/privacy specific training such as ISO 27001 LA CISA, CISM, CISSP etc

Analysts engage in risk, compliance, and financial crimes projects to serve Promontory (PRR) clients within the banking and finance industry – helping them meet and exceed regulatory expectations. Analysts are expected to positively contribute to Promontory’s success in a variety of areas, including BSA, anti-money laundering surveillance and reporting assistance, OFAC sanctions compliance, and other areas relevant to today’s heightened regulatory climate.

Analysts must possess excellent writing, research, analytical, and critical thinking skills, and other applicable experience that leads to success in the role, such as strong work ethic and natural curiosity. Analysts must be able to judiciously analyze, assess, and write clearly and concisely. The nature of this work requires individuals to be flexible, learn new skills, work within time constraints, and meet uncompromising quality requirements and production expectations while working closely with others in a dynamic team environment.

•Apply logic and strong reasoning skills to conduct research for case analysis.

•Use sound decision-making skills to make recommendations based on research results.

•Compose comprehensive supporting narratives

•Interpret and apply project policies and procedures to direct work.

•Maintain high work product quality as outlined by each project specifications.

•Ensure work adheres to defined engagement policies and procedures

•Manage work efficiently to meet production goals and project deliverables.

•Contribute to developing individual and project goals and execute on tactical strategies for goal attainment.

•2 to 3 years prior AML experience REQUIRED.

•2+ years compliance experience at a financial institution is STRONGLY PREFERRED.

•Retail banking experience is PREFERRED.

•The ability to work independently, take initiative, and able to adapt to change.

•Ability to quickly understand and maintain current know3ledge of banking regulations, concepts, and issues.

•Quickly learn new applications and client systems to conduct research.

•Exercise sound judgment and observe the highest degree of confidentiality.

•Adept at multi-tasking and meeting deadlines in high-pressure environment.

•Results oriented team player with strong initiative and flexibility.

•Strong analytical and problem-solving abilities.

•Superior writing skills with the ability to convey ideas clearly and succinctly.

•Exemplary customer service towards both internal and external parties.

•Exceptional research and processing skills with the ability to analyze large data sets, decipher higher risk attributes (transactional, geographical, product, customer type, etc.), and disposition appropriately.

•Demonstrate competency with computers, including proficiency with all Microsoft Office products, and should have prior experience with a variety of computer database and testing systems.

Anti-Money Laundering (AML) Alerts – COMPLEX

· Review alerts generated by client systems for anomalous or potentially suspicious activity

· Review Know Your Customer (KYC) data for the focal client

· Analyze account transaction histories to identify activity indicative of money laundering, terrorist funding, or other potentially unusual or suspicious activity

· Conduct due diligence research on focal party and key counterparties

· Compare research and analysis to alert typology and close or escalate based on the review

Anti-Money Laundering (AML) Case Investigations

· Review alerts escalated to case and other cases such as Fraud and Legal Orders

· Review Know Your Customer (KYC) data for the focal client(s)

· Conduct multi-year transaction trend analysis

· Analyze large/complex account transaction histories to identify activity indicative of money laundering, terrorist funding, or other potentially unusual or suspicious activity

· Review detailed transaction images to verify and deepen understanding of activity

· Conduct thorough open-source research to verify customer and counterparty details and identify risks

· Send Requests for Information (RFI)s to bank customers to gather details on activity or other gaps

· Conduct additional due diligence research on focal party and key counterparties

· Create detailed case narratives outlining the investigation and reasons for closure or escalation

Suspicious Activity Report (SAR) Filing

· Accurately complete regulatory reporting to be submitted to FinCEN

· Locate and add Subject Information

· Enter descriptions of suspicious activity

· Enter financial institution details & contact information

· Enter a complete, detailed breakdown of the suspicious activity

· Present the SAR to the bank for review prior to submission to FinCEN

Office of Foreign Asset Controls (OFAC) Sanctions Screening

· Review sanctions screening alerts generated by client systems as possible OFAC matches

· Compare customer profile and OFAC match profile details to identify mismatches

· Utilize phonetics, spelling, and knowledge of short names nicknames to support name mismatches

· Utilize client provided Politically Exposed Person (PEP) guidance for close family members to ensure alignment to client policy

· Conduct online research to confirm or clarify mismatch or match data

· Close mismatches or escalate possible true matches with notations on mismatches or matching data

· Review KYC alerts generated by client systems for new customer or ongoing KYC review/remediation

· Review customer profile details and any KYC gaps

· Review customer documentation for validity, completeness, and any required notary services

· Update customer profile details with incoming data from documentation and KYC questionnaires

Currency Transaction Report (CTR) Review – COMPLEX

· Pull, aggregate, and reconcile multiple transaction reports

· Validate transactions are truly cash and not processed as cash by bank personnel

· Determine daily cash aggregates per customer exceeding $10,000

· Determine if CTRs were filed by bank personnel and file missing CTRs

· Review Customer KYC Data, Customer Profile, Account Types, Purpose of Accounts, and Expected Use

· Verify Customer details such as address, SSN, DOB, and other relevant information

· Verify supporting documentation for all profile information

· Determine Source of Wealth and Source of Funds

· Conduct risk assessment and risk rating based on the bank risk methodology

Enhanced Due Diligence (EDD)

· Review Customer KYC Data, Customer Profile, Account Types, Purpose of Accounts, and Expected Use

· Verify Customer details such as address, SSN, DOB, and other relevant information

· Conduct thorough open-source searches to validate accuracy of data and risks – including geography

· Verify supporting documentation for all profile information

· Determine Source of Wealth (SOW) and Source of Funds (SOF)

· Verify SOW and SOF are aligned with what is seen in customer transactions

· Conduct risk assessment and risk rating based on the bank risk methodology

Undergraduate degree in Business Administration, accounting, finance, or other related discipline; or equivalent combination of education and experience that is required for the specific job level.

As Process Analyst – Risk & Compliance (Anti Money Laundering), you will be part of a global team of financial crime specialists working on the Anti Money Laundering process providing services to global banks.

Your primary responsibilities include:

· Efficient gathering and reviewing of new client information, as well as monitoring financial transactions for existing clients to identify suspicious activities.

· Analyze information received from the Bank and address AML sanctions-related alerts (OFAC)

· Investigate and assess alerts relating to potential money laundering risks in the organization.

· Stay updated on money laundering and terrorist financing behaviors, policies, regulations, criminal typologies, industry best practices, and emerging trends.

· Graduate with 1-3 years of experience in Anti Money Laundering, Enhanced Due Diligence, and Customer identification program.

· Familiarity with AML issues and suspicious transaction monitoring systems.

· Ability to quickly understand and comprehend AML risks unique to a business unit, develop comprehensive user requirements, and suggest automated solutions to mitigate those risks.

· Experience in financial services transaction data analysis, risk rating, and Name Screening.

· Working Knowledge in US/UK Regulatory Policies

· Strong narrative writing skills.

· Proficient in MS Office applications and proven analytical skills required to organize and analyze multiple, complex data sets.

· Self-directed and ambitious achiever.

· Meeting targets effectively.

· Skilled in thriving under deadlines and contributing to change management, showcasing strong interpersonal teamwork.

Analysts engage in risk, compliance, and financial crimes projects to serve Promontory (PRR) clients within the banking and finance industry – helping them meet and exceed regulatory expectations. Analysts are expected to positively contribute to Promontory’s success in a variety of areas, including BSA, anti-money laundering surveillance and reporting assistance, OFAC sanctions compliance, and other areas relevant to today’s heightened regulatory climate.

Analysts must possess excellent writing, research, analytical, and critical thinking skills, and other applicable experience that leads to success in the role, such as strong work ethic and natural curiosity. Analysts must be able to judiciously analyze, assess, and write clearly and concisely. The nature of this work requires individuals to be flexible, learn new skills, work within time constraints, and meet uncompromising quality requirements and production expectations while working closely with others in a dynamic team environment.

•Apply logic and strong reasoning skills to conduct research for case analysis.

•Use sound decision-making skills to make recommendations based on research results.

•Compose comprehensive supporting narratives

•Interpret and apply project policies and procedures to direct work.

•Maintain high work product quality as outlined by each project specifications.

•Ensure work adheres to defined engagement policies and procedures

•Manage work efficiently to meet production goals and project deliverables.

•Contribute to developing individual and project goals and execute on tactical strategies for goal attainment.

•2 to 3 years prior AML experience REQUIRED.

•2+ years compliance experience at a financial institution is STRONGLY PREFERRED.

•Retail banking experience is PREFERRED.

•The ability to work independently, take initiative, and able to adapt to change.

•Ability to quickly understand and maintain current know3ledge of banking regulations, concepts, and issues.

•Quickly learn new applications and client systems to conduct research.

•Exercise sound judgment and observe the highest degree of confidentiality.

•Adept at multi-tasking and meeting deadlines in high-pressure environment.

•Results oriented team player with strong initiative and flexibility.

•Strong analytical and problem-solving abilities.

•Superior writing skills with the ability to convey ideas clearly and succinctly.

•Exemplary customer service towards both internal and external parties.

•Exceptional research and processing skills with the ability to analyze large data sets, decipher higher risk attributes (transactional, geographical, product, customer type, etc.), and disposition appropriately.

•Demonstrate competency with computers, including proficiency with all Microsoft Office products, and should have prior experience with a variety of computer database and testing systems.

Anti-Money Laundering (AML) Alerts – COMPLEX

•Review alerts generated by client systems for anomalous or potentially suspicious activity

•Review Know Your Customer (KYC) data for the focal client

•Analyze account transaction histories to identify activity indicative of money laundering, terrorist funding, or other potentially unusual or suspicious activity

•Conduct due diligence research on focal party and key counterparties

•Compare research and analysis to alert typology and close or escalate based on the review

Anti-Money Laundering (AML) Case Investigations

•Review alerts escalated to case and other cases such as Fraud and Legal Orders

•Review Know Your Customer (KYC) data for the focal client(s)

•Conduct multi-year transaction trend analysis

•Analyze large/complex account transaction histories to identify activity indicative of money laundering, terrorist funding, or other potentially unusual or suspicious activity

•Review detailed transaction images to verify and deepen understanding of activity

•Conduct thorough open-source research to verify customer and counterparty details and identify risks

•Send Requests for Information (RFI)s to bank customers to gather details on activity or other gaps

•Conduct additional due diligence research on focal party and key counterparties

•Create detailed case narratives outlining the investigation and reasons for closure or escalation

Suspicious Activity Report (SAR) Filing

•Accurately complete regulatory reporting to be submitted to FinCEN

•Locate and add Subject Information

•Enter descriptions of suspicious activity

•Enter financial institution details & contact information

•Enter a complete, detailed breakdown of the suspicious activity

•Present the SAR to the bank for review prior to submission to FinCEN

Office of Foreign Asset Controls (OFAC) Sanctions Screening

•Review sanctions screening alerts generated by client systems as possible OFAC matches

•Compare customer profile and OFAC match profile details to identify mismatches

•Utilize phonetics, spelling, and knowledge of short names nicknames to support name mismatches

•Utilize client provided Politically Exposed Person (PEP) guidance for close family members to ensure alignment to client policy

•Conduct online research to confirm or clarify mismatch or match data

•Close mismatches or escalate possible true matches with notations on mismatches or matching data

•Review KYC alerts generated by client systems for new customer or ongoing KYC review/remediation

•Review customer profile details and any KYC gaps

•Review customer documentation for validity, completeness, and any required notary services

•Update customer profile details with incoming data from documentation and KYC questionnaires

Currency Transaction Report (CTR) Review – COMPLEX

•Pull, aggregate, and reconcile multiple transaction reports

•Validate transactions are truly cash and not processed as cash by bank personnel

•Determine daily cash aggregates per customer exceeding $10,000

•Determine if CTRs were filed by bank personnel and file missing CTRs

•Review Customer KYC Data, Customer Profile, Account Types, Purpose of Accounts, and Expected Use

•Verify Customer details such as address, SSN, DOB, and other relevant information

•Verify supporting documentation for all profile information

•Determine Source of Wealth and Source of Funds

•Conduct risk assessment and risk rating based on the bank risk methodology

Enhanced Due Diligence (EDD)

•Review Customer KYC Data, Customer Profile, Account Types, Purpose of Accounts, and Expected Use

•Verify Customer details such as address, SSN, DOB, and other relevant information

•Conduct thorough open-source searches to validate accuracy of data and risks – including geography

•Verify supporting documentation for all profile information

•Determine Source of Wealth (SOW) and Source of Funds (SOF)

•Verify SOW and SOF are aligned with what is seen in customer transactions

•Conduct risk assessment and risk rating based on the bank risk methodology

Undergraduate degree in Business Administration, accounting, finance, or other related discipline; or equivalent combination of education and experience that is required for the specific job level.

Analysts engage in risk, compliance, and financial crimes projects to serve Promontory (PRR) clients within the banking and finance industry – helping them meet and exceed regulatory expectations. Analysts are expected to positively contribute to Promontory’s success in a variety of areas, including BSA, anti-money laundering surveillance and reporting assistance, OFAC sanctions compliance, and other areas relevant to today’s heightened regulatory climate.

Analysts must possess excellent writing, research, analytical, and critical thinking skills, and other applicable experience that leads to success in the role, such as strong work ethic and natural curiosity. Analysts must be able to judiciously analyze, assess, and write clearly and concisely. The nature of this work requires individuals to be flexible, learn new skills, work within time constraints, and meet uncompromising quality requirements and production expectations while working closely with others in a dynamic team environment.

•Apply logic and strong reasoning skills to conduct research for case analysis.

•Use sound decision-making skills to make recommendations based on research results.

•Compose comprehensive supporting narratives

•Interpret and apply project policies and procedures to direct work.

•Maintain high work product quality as outlined by each project specifications.

•Ensure work adheres to defined engagement policies and procedures

•Manage work efficiently to meet production goals and project deliverables.

•Contribute to developing individual and project goals and execute tactical strategies for goal attainment.

2 to 3 years prior AML experience REQUIRED.

•2+ years compliance experience at a financial institution is STRONGLY PREFERRED.

•Retail banking experience is PREFERRED.

•The ability to work independently, take initiative, and able to adapt to change.

•Ability to quickly understand and maintain current know3ledge of banking regulations, concepts, and issues.

•Quickly learn new applications and client systems to conduct research.

•Exercise sound judgment and observe the highest degree of confidentiality.

•Adept at multi-tasking and meeting deadlines in high-pressure environment.

•Results oriented team player with strong initiative and flexibility.

•Strong analytical and problem-solving abilities.

•Superior writing skills with the ability to convey ideas clearly and succinctly.

•Exemplary customer service towards both internal and external parties.

•Exceptional research and processing skills with the ability to analyze large data sets, decipher higher risk attributes (transactional, geographical, product, customer type, etc.), and disposition appropriately.

•Demonstrate competency with computers, including proficiency with all Microsoft Office products, and should have prior experience with a variety of computer database and testing systems.

An undergraduate degree in Business Administration, accounting, finance, or other related discipline; or an equivalent combination of education and experience that is required for the specific job level.

• Experience in handling delivery team for Infrastructure and cloud support.
  ITIL certified and ability to handle critsit.
• Must have experience of SLA management, run cost management, driving operational efficiencies and client interaction/stakeholder manager during crit sit incidents or key projects.
• Technical understanding of infrastructure landscape is must and cloud knowledge is preferred

• Ability to work on Global and local projects across multiple disciplines, Identify inter-dependencies between the various stakeholder groups to ensure all are aligned and risks are identified, mitigated and communicated
• Responsible for assembling project team, assigning individual responsibilities and enforcing accountability, developing and maintaining a budget and schedule to ensure timely completion of project ,Controlling and reporting progress to the Project Steering Group/Project Sponsor and escalating any issues, as appropriate, in a timely manner. Initiating corrective action where necessary in order to keep the project on track
• Proactively manage issues and mitigate risks to enable projects to stay on time, within budget, and with expected scope, Develop and Maintain Project Schedules: Incorporates regular updates from each functional team. - Should exhibit maturity is collaborating with senior members of customer team and establish effective governance.
• Maintains Project Plans: Develops, and continually updates, detailed project/program management plans. Develops work breakdown structures based on the project objectives and scope. Ensures PM methodology is adhered to.
• Manage Project Status Reporting: Prepares status reports to convey project scope, goals, milestones, budget, risk, status, change requests, and critical issues to the client and project team,Develop and Maintain Project Schedules: Incorporates regular updates from each functional team. - Should exhibit maturity is collaborating with senior members of customer team

• Project Management Professional (PMP) certification OR Agile certification OR Six Sigma certification
• Minimum 2 Cloud Certifications on AWS / Azure / GCP / IBM Cloud / OpenShift
• Drive continuous improvement and introduction of IT 'best practices' into all areas of process, metrics, and performance