Manager | Risk and Control Governance | Pune | Cyber Strategy & Transformation

Project Role: Risk and Controls Design and ImplementationResponsibilities include: Support the client CISO and CIO function in developing Enhanced Operating Model enabling holistic and efficient governance and management of Risks and Controls Develop High level operating model design blueprint with supporting process flows Support the CISO function in developing Procedures and integration within the Non-Financial Risk Management (NFRM) and Operational Risk Management (ORM) Framework. Support the CISO and CIO function with the implementation of the methodology for designing, developing, aggregating and reporting key metrics, including key performance indicators (KPIs), key control indicators (KCIs) and key risk indicators (KRIs), which underpins the Reporting and Governance definition & Implementation process.Develop Target Operating Model & Control Lifecycle ManagementQualifications: Bachelors degree (or equivalent experience) with 7-10 years experience in Risk Management, Risk and control designing and implementation Preferably with global banking clients. Proven experience in controls assurance, or internal audit, with strong focus on transformation, establishing new framework, methodology etc. ISO 27001, CRISC or CISA Certified Mandatory, CISSP certification Desirable Information Systems/Network Security knowledge Understanding of Risk Management framework such as NIST, ISO, COBIT or equivalent cyber security framework. Knowledge of Internal control concepts (e.g., Preventive Controls; Detective Controls; Anti-Fraud Controls; etc.) Strong understanding of regulatory requirements and industry best practices related to controls assurance, relevant to global banking risks such as Information Technology (IT), Information Security (IS), and/ or Data Management Exceptional communication skills, both verbal and written, with the ability to influence and engage stakeholders at all levels. Experience operating in a regulated environment and managing stakeholders across the Three Lines of Defense. Familiarity with cyber security, resilience and related domains preferred.