Job Description
Governance, Risk, Compliance:
- Ensure compliance with policies, regulatory requirements, and industry standards.
- Identify, assess, and manage information security risks.
- Ensure adherence to internal and external compliance requirements.
Policy Exception Management:
- Develop and maintain a comprehensive process for managing policy exceptions, including documentation, expiration dates, and approval workflows.
- Ensure all policy exceptions are properly documented, reviewed, and approved in accordance with organizational standards.
- Perform risk assessments for proposed policy exceptions to evaluate their potential impact on compliance and security.
- Work with stakeholders to communicate the policy exception process, develop compensating controls for policy exceptions, and ensure timely closure.
- Regularly review and monitor granted exceptions to ensure compliance with the terms and conditions.
- Conduct periodic audits to assess compliance with approved exceptions and identify deviations for remediation.
Risk Control Self-Assessments:
- Coordinate and ensure regular risk control self-assessments across various business units to identify and evaluate potential risks.
- Compile and analyze assessment results and prepare detailed reports with actionable insights and recommendations.
- Perform follow-ups to verify the effectiveness of implemented controls and risk mitigation measures.
Offshoring Reporting:
- Maintain accurate and timely reporting of offshoring activities.
- Ensure alignment with regulatory reporting requirements and support the organization's compliance posture concerning offshore operations.
- Establish streamlined reporting mechanisms that meet both internal and external requirements.
- Assess and manage the risks associated with offshoring arrangements. Ensure that appropriate controls and mitigations are in place to address any regulatory or compliance risks tied to offshore activities.
ISG Service Portfolio Management:
- Develop and maintain a comprehensive service catalog that accurately reflects the services offered by ISG.
- Regularly review and update the service catalog to ensure it aligns with business needs and technological advancements.
- Monitor the performance of ISG services to ensure they meet established service level agreements (SLAs) and key performance indicators (KPIs).
- Oversee the implementation and management of information security compliance across the bank, ensuring alignment with regulatory requirements and industry standards.
- Identify relevant regulatory obligations related to information security and ensure appropriate actions are taken to meet these requirements.
- Manage and track compliance incidents and exceptions, ensuring proper documentation and resolution through GRC systems.
GRC Function Automation:
- Be the owner of the bank's GRC platform for ISG and oversee the management of the bank's IS GRC solution.
- Oversee the administration, configuration, and maintenance of the GRC platform to ensure optimal performance and availability.
- Enable a centralized knowledge base and GRC solution to automate Information Security activities and governance processes, with a centralized risk register, risk reports, and dashboards covering the overall risk posture for a specific location or business unit.
- Automate GRC functions and reduce manual effort to provide near-real-time insight into risks through quantitative and qualitative assessments.
- Support local CISOs / IS SPOCs in regulatory audit discussions and with the data required from ISG, and enable local CISOs with Archer access to onboard open issues for centralized tracking and governance.
- Ensure that the solution is effectively used to support the organization's information security governance, risk, and compliance activities.