Department/Area Function:
Information Technology (IT) Risk Management program is designed to identify, manage, measure, and mitigate risks in all IT Capabilities.
- Maintaining and enhancing IT risk management framework. The framework is comprised of tools and processes to help:
- Identify new risks, changes in risk, or relationships between risks,
- Assess the scope and quality of internal controls, and
- Monitor and escalate key matters of risk and control.
- Maintaining the Process, Risk, and Control library and conduct management controls testing.
- Formulating, disseminating, and administering IT risk management policy and procedures.
- Providing risk and control consultation, and verification of control effectiveness to support organization goals and improving the IT control environment.Liaising with Legal, Information Security, Office of Corporate and Regulatory Compliance, and other subject matter experts within the organization to ensure that risks and appropriate mitigants are identified and communicated throughout the organization.
Experience:
- 1-3 years of experience in the field of IT Security / Information Security / Cyber Security.
- Experience in working with IT Risk Management frameworks to identify, analyze, mitigate, monitor, and communicate IT risks
- Experience in conducting IT controls validation and testing and identifying control deficiencies.
- Interacting with stakeholders and staff to collect information requests.
Mandatory Requirements:
- Comprehensive understanding of IT Processes Risk and Controls or experience in IT Audits and IT General Controls.
- Conduct risk assessments for IT process, applications, network infrastructure assets.
- Draft IT/Cyber risk assessment reports including findings, associated risks, and recommendations.
- Demonstrate flexibility to travel to the customer locations / other EY offices, on need basis.
- Provide coverage / overlap during US shift hours, as per the client requirement.
- The incumbent would be hired based on Build, Operate and Transfer model and would be transferred to client payroll, as per the client requirements.
Preferred Requirements:
- Demonstrated ability to work pro-actively with all levels of management and staff.
- Highly motivated, detail-oriented, self-starter, who can set priorities, take initiative and work both independently and proactively in a dynamic team environment.
- Excellent inter-personal skills with a highly developed customer service orientation, and ability to work effectively with all levels of internal staff, and external contacts.
- Strong planning and project management skills.
- Strong process mapping and data collection and analysis skills.
- Good documentation and communication skills.
Education, Training &/or Certification:
- Relevant professional qualifications such as MBA or MCA.
- B.E/B.Tech (Electronics, Electronics & Telecommunications, Comp. Science)/MBA IT/ having relevant experience with other Big3 or paneled IT/ ITES companies.
Relevant professional certifications such as, ISO27001 LA / LI preferred.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.