Department/Area Function:
The Information Technology (IT) Risk Management program is designed to identify, manage, measure, and mitigate risks in all IT capabilities.
- Maintaining and enhancing the IT risk management framework. The framework comprises tools and processes to help:
  - Identify new risks, changes in risk, or relationships between risks.
  - Monitor and escalate key matters of risk and control.
  - Support IT management in maintaining a complete and accurate Process, Risk, and Control library.
- Formulating, disseminating, and administering IT risk management policy and procedures.
- Providing risk and control consultation and evaluations of control effectiveness to support/evidence management awareness of the effectiveness of the control environment (i.e., assist management in issue self-identification).
- Liaising with Technology Risk, Information Security, Technology Centers of Excellence and with other subject matter experts within the organization to ensure that risks and appropriate mitigants are identified and communicated throughout the organization.
Principal Responsibilities:
- Support efforts to identify and manage risk within assigned area(s) of responsibility.
- Develop and strengthen relationships with IT partners and control evaluation functions across the 3 lines of defense.
- Develop, communicate, and ensure adherence to department risk policies, procedures and best practices.
- Demonstrate and embed the behaviors and competencies that create a risk management mindset in your organization.
- Support, and eventually lead, risk management activities including review of policy and procedure documents for alignment with controls, incorporation of changes, etc.
- Become a central point of contact for risk and compliance items throughout the AES organization.
- Gather, prepare, and review inputs into reporting (e.g., risk treatment, risk profiles, inherent risk assessments).
- Work as a team lead within IT Risk Management (ITRM) projects.
- Work with the project team to maintain transparency in communication, highlight risks, and share mitigation plans.
- Develop and maintain productive working relationships with client personnel.
- Plan and monitor the project deliverables for the team.
- Mentor the project team in executing the project deliverables and report status to the Project leaders/sponsors.
The incumbent will also be consistently responsible for facilitating the:
- Tracking and escalation of compliance items included on the IT Risk & Control Report/Dashboard.
- Issue and action closure facilitation including meeting coordination, evidence gathering and review, documentation preparation and review.
- Control evaluations performed by audit and/or management control testing functions as well as regulatory exams to gather, review, and prepare required evidence.
Experience:
- 3-5 years of experience in the field of IT Security / Information Security / Cyber Security.
- Experience in working with IT Risk Management frameworks to identify, analyze, mitigate, monitor, and communicate IT risks.
- Experience in conducting IT controls validation and testing and identifying control deficiencies.
- Leading discussions with key stakeholders and staff to collect information requests. Familiarity with process mapping and control identification along with data collection and analytic skills.
Mandatory Requirements:
- Comprehensive understanding of IT Processes Risk and Controls or experience in IT Audits and IT General Controls.
- Conduct risk assessments for IT processes, applications, and network infrastructure assets.
- Draft IT/Cyber risk assessment reports including findings, associated risks, and recommendations.
- Well versed in security design concepts and able to drive the IT risk management agenda.
- Demonstrate flexibility to travel to customer locations or other EY offices, on a need basis.
- Provide coverage / overlap during US shift hours, as per the client requirement.
- The incumbent would be hired under a Build, Operate and Transfer model and would be transferred to the client payroll, as per the client requirements.
Preferred Requirements:
- Demonstrated ability to work proactively with all levels of management and staff.
- Highly motivated, detail-oriented self-starter who can set priorities, take initiative, and work both independently and proactively in a dynamic team environment.
- Excellent interpersonal skills with a highly developed customer service orientation, and ability to work effectively with all levels of internal staff and external contacts.
- Strong planning and project management skills.
- Strong process mapping, data collection, and analysis skills.
- Good documentation and communication skills.
- Foster teamwork, quality culture and lead by example. Understand and follow workplace policies and procedures.
Education, Training &/or Certification:
- Relevant professional qualifications such as MBA or MCA.
- B.E/B.Tech (Electronics, Electronics & Telecommunications, Comp. Science) or MBA IT, or experience with other Big3 or paneled IT/ITES companies.
- Relevant professional certifications such as ISO27001 LA, CISA, CISM, CRISC, CISSP, CCSP, etc. preferred.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.