IT Governance Risk and Compliance AVP

Role: IT Governance Risk and Compliance Position:Manager / AVP Location: MGS - Bengaluru Job Responsibilities: IRMD is a regional first line of defense function supporting MUFG Banks branches in Asia Pacific region. This role is a team member and is a subject matter expert in the principles, processes and technical aspects of domains related to IT Governance, Risk and Compliance (IT GRC), and is responsible for establishing and maintaining first line governance and oversight on the management of IT risks within the Bank. IT Governance Support the development, review and reporting of key IT risk exposures and metrics (e.g., KRIs, KCIs and KPIs), and provide independent reporting on the IT risk posture or activities to the management team and stakeholders (e.g., second line of defense). Support the development, review and maintenance of regional IT risk management framework, standards, and procedures to ensure that they are relevant, up to date and aligned with Head Office and regulatory standards. Support the roll out and provide guidance to the regional IT teams and branches on global and regional IT risk management methodologies (ISO, NIST CSF, COBIT, COSO, SOX, SOC, etc.) and tools, to enable them to manage their IT risks in a standardized and systematic manner. IT Risk & Audit Conduct IT risk assessments, identify and assess IT risks, evaluate countermeasures, and recommend effective controls to mitigate IT risks. Monitor IT risks, map risk profiles and manage the IT risk register, as well as enhance Key Risk Indicators for reporting to second line of defense and risk management committees. Manage audit end to end collaboration with all relevant parties including Head Office, regulators, internal/external auditors, and subject matter experts. Assist with the management and coordination of audits, regulatory responses and assessments focusing on a broad scope of technology and information security topics. This includes understanding International Auditing Standards as well as understanding processes for documenting self-assessment evidence and records retention practices IT Compliance Execute, manage, improve, and implement processes to comply with IT regulatory and corporate requirements. Conduct, manage and drive IT Compliance assessments and reviews on IT regulatory and corporate requirements at the regional level. Ensure gaps are addressed via remediation plans that adhere to open issues management requirements including timely issue and corrective action plan submission, accurate root cause identification, corrective action monitoring, on time closure, and no failed validations. Third Party Management for Inter-Affiliates Support the implementation of the Third-Party Risk Management (TPRM) framework for the region. Support ASO and Branches to review the IT Controls. Ensure compliance with regulatory requirement. General Work in partnership with Head Office, various branches, and departments to support the implementation of global, regional and local projects. Provide advisory for technology compliance and risk management activities. Develop and maintain strong stakeholder management with all key stakeholders. Job Requirements: Experienced team player with the ability to work independently to organize, manage and complete projects within tight deadline. Strong experienc & good understanding of IT Governance, Risk and Compliance principles, IT controls in all disciplines of technology domains, as well as Cyber Security related risks. Experience with Business Continuity Planning (BCP) and Disaster Recovery (DR) process is required, including a proven track record in developing, implementing, and testing BCP and DR strategies to ensure organizational resilience and quick recovery of disruption. Good working knowledge of relevant IT-related laws and regulations of the Asian Pacific region, understanding of industry trends, knowledge on technology like Cloud, Cryptography, and IT security products etc. Experience managing a first-, second-, or third-line function responsible for technology and information security related risks and controls. Good interpersonal skills to effectively work in partnership with colleagues globally. Excellent written and verbal communication skills, strong attention to detail. Analytical skills with the ability to provide practical solutions for effective risk management. Self-driven and independent, able to work well cross-functionally, to think rigorously and make hard decisions and trade-offs when required. Good knowledge of people and project management, and infrastructure operations Willing to take on new tasks and initiatives to contribute towards continuous improvement. Preferably possesses Certified in Risk and Information Systems Controls (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), etc. certification. Education level: At least Bachelor in Computing or similar fields. Experience: Minimum 5 years of relevant experience

Location: Bangalore, IN

Posted Date: 9/10/2024