IT Risk Office

Job Role/Description

• Develops, initiates, maintains, and revises policies and compliance assurance procedures for the general operation of the Compliance Program. Manages day-to-day operation of the ITRO Program
• Acts as an independent review and evaluation body to ensure that compliance Issues/concerns within the organization are being appropriately evaluated, investigated and resolved
• Conduct periodic IT Audits
• Monitors, and as necessary, coordinates compliance activities of other departments to remain abreast of the status of all compliance activities and to identify trends
• Identifies potential areas of compliance vulnerability and risk; develops/implements corrective action plans for resolution of problematic issues, and provides general guidance on how to avoid or deal with similar situations in the future. Risks should be identified, assessed and monitored on an ongoing firm-wide and individual entity basis
• Provides reports on a regular basis, and as directed or requested, to keep the Account Stake holders and senior management informed of the operation and progress of compliance efforts
• Institutes and maintains an effective compliance communication program for the Account, including promoting (a) heightened awareness of Standards of Conduct, and (b) understanding of new and existing compliance issues and related policies and procedures
• Develop an effective compliance training program, including appropriate introductory training for new employees as well as ongoing training for all employees and managers
• Participate in local and global discussions to formulate new or enhance existing security processes, policies and standards

Required Skills

Candidate should have experience in:

• Implementing written policies, procedures, and standards
• Conducting Risk Assessments and tracking Remediation Plans
• Conducting Internal Compliance Monitoring and auditing
• Handling Audit findings
• Handling Information Security Compliance for large programs

Candidate should have at least a relevant experience of 10+ years in the above areas.

Candidate should have industry recognized certifications (CRISC / CISA / CISM / ISO 27001 LA / ISO 31000 / ISO 27701 / BS 10012 / GDPR).