Senior Analyst- IT Risk

About the Role: Position Title: IT Risk Senior Analyst . Corporate Title: Senior Analyst Reporting to: Asia Risk Management Office Regional Vice President and Assistant Vice President Location: Bengaluru Job Profile: Position details: Monitor and analyze key risk/other indicator, Self Identified Issue, etc the IT, Cyber risk status based on quantitative data Monitor/Observe 1Line management meeting and conduct Review and Challenge Regulatory guideline analysis and providing the 2 Line opinion/response Review and challenge 1st Line branch IT RCSA and control testing output Global Cyber trend input and awareness insight share Roles and Responsibilities: IT Risk (Senior Analyst Level example): Job responsibilities include but not limited to: Under supervision and guidance from regional technology risk team, support branch technology risk management by running branch local Global KRI, SII analysis and response, monitor/observe 1LoD management meeting and conduct review and challenge, regulatory guideline analysis and providing the 2LoD opinion/response, branch IT Risk Control Self Assessment, etc. in collaboration with branch local risk team to ensure timely and effective assessment, monitoring, escalation of technology risk. Providing Subject matter Expertise from the second line in the principles, processes and technical aspects of domains related to Cyber and IT Security in above mentioned field and others. Working in close partnership with Regional Asia Risk Management Office and Systems Office for Asia (ASO First Line), Internal Audit Office for Asia (AIAO), various APAC branches to manage technology risk initiatives in accordance with regulatory requirements, MUFG internal policies, and industry best practices. Support regional Technology risk projects and specified BAU Second Line for Technology Risk Management will include but not limited to: Branch Technology Risk Governance, Oversight and Support Develop, review and maintain the branch Technology Risk Management above mentioned activities, processes and methodologies in line with regulatory requirements, MUFG policies, and industry best practices Perform thematic and targeted assurance reviews for prioritised areas, effectively articulate key risks/gaps, and guide first line to establish improvement plans to address the gaps In-depth and constructive collaboration with branches non-technology Risk Management Division to lift the branch technology risk management activity and to enable them to manage technology risk in a standardized and systematic manner Branch Risk Management and Audit Review and provide effective challenge to security risk assessments performed by the first line through committee meetings Provide guidance on IT risk regulations, risk assessments and industry best practices to regional and local first and second line so that they can focus their resources on key or high priority IT risk activities Monitor and report key risk indicators and prepare risk reports and dashboards to support management and risk committees on operational risk oversight Open issue management for Technology Risk Management incl. support to branches for regulatory and audit issues Manage audit end to end through collaboration with all relevant parties including APAC Regional Office, regulators, internal/external auditors and subject matter experts Work in partnership with head office, regional offices and branches to explore tools to automate and facilitate review and tracking of IT self-assessments, risk assessments, risk exceptions and acceptances General: Execute necessary training on policies and standards to develop an effective risk culture for Technology Risk management Provide advisory for technology compliance and risk management activities Support efforts on increasing IT risk awareness in the Bank to strengthen our first line Act as required based on any other instructions from the regional technology risk team lead Job Requirements: Strong understanding of IT governance, risk and cyber security concepts with minimum 5 years of relevant experience. Experience in Financial service would be preferred. Familiarity and implementation experience with IT risk and cyber security industry best practices and frameworks, as well as regulatory requirements and guidelines in Asia Experience in executing technology and /or security risk assessment and testing methodologies evaluating the adequacy and efficiency of security controls, and identifying issues resulting from internal and or external compliance reviews Experience in creation and review of work papers to document testing and/or issue closure for technology issue management including management of regulatory matters Experience with automating and or the ability to conceptualising automated control solutions is highly desired Experience with IT and cyber security risk metrics definition and reporting, scorecard development utilising key risk metrics tools (e.g. IBM OpenPages, Tableau, Access, etc.) Ability to work effectively in a team environment, and takes initiatives to collaborate and challenge status quo, and adaptable to embrace new changes Strong interpersonal and analytical skills attributes Self-motivated and able to work independently and source for information, systematically evaluate options and recommend solutions

Location: Bangalore, IN

Posted Date: 9/14/2024