Job Description

:The successful candidate should have 10-15 years of experience in Technology Risk Management, Information Security, Technology Governance, Internal Audit (Technology) or other related roles. The preferred candidate will have experience in Financial Services or other heavily regulated industries (e.g. Pharmaceuticals, Healthcare, etc.). Clear, concise and articulate communication of complex and conceptual topics is required for success.In addition, the following qualifications are preferred:

• Relevant industry certifications (e.g. CIA, CRISC, CISA, ITIL, CISSP, GRCP / CRCM)
• Cloud CSP training such as AWS Foundation and/or MS Azure Fundamentals
• Experience with Technology Implementation or Operation
• Hands on experience with Control Design and Implementation
• Understanding of the Audit Lifecycle
• Knowledge of relevant Technology and Business Regulations; ideal candidate has direct experience of interface with Regulators (principally PRA, MAS and HKMA).
• Knowledge of and/or hands-on experience of Technology Architecture
• Comfortable with ambiguity and able to make decisions
• Process Design and Analysis
• Documentation and Textual Analysis
• Data Analytics
• Experience negotiating with and influencing technical and/or senior stakeholders
• Knowledge of Cloud and DevOps
• Excellent understanding of Operational Risk Management for a technology stream
• Strong performer, with efficiency and delivery outcomes
• Makes a strategic difference
• Fluent English communication & writing skills
• Assertive & good problem-solving skills with common sense

This role is responsible for identifying, assessing, managing and governing risk through the application of the Bankxe2x80x99s Enterprise Risk Management Framework and specifically the underpinning Operational Risk Type Framework and with consideration given to industry standards and best practices.

• This role is key and responsible for continuing improvements in the Domain(s)xe2x80x99s approach to risk identification and mitigation, control management and audit engagement within the framework set out by the relevant authorities.
• This operations role ensures a constant state of preparation, readiness and continuous improvement across process, risk management and reduction, audit success, documentation, MIS systems and reporting.
• Maintain & Implement Risk and Control Process for 1st line of defence as per bankxe2x80x99s ERMF.

• Identify risk profile / R&R for all parties involved, Cloud Platform support Mgr, Platform engineer , Domain heads etc.
• Document & Maintain (review periodically for applicability, improvement and efficiency) the Risk Management process on Domain Risk Meetings, MOM Templates, Audit Engagements, Risk Approvals, Risk Extensions, Risk Assessments and Risk reviews done by UORM.
• Maintain central data repository for Risk & Control.

• This includes Risk Profile, Risk Analysis (Operational M7 & CRISP Security risks), Stakeholder engagement Matrix, CSAR Status, list of GIA Audits and status, Open and Overdue Audit status etc.
• Ensure Awareness of Rules of Engagement w.r.t Risk Management to all domain stakeholders either directly or through UORMs and Leadership to ensure consistency across domains.
• Advise and assist the Cloud & DevOps Portfolio Head(s) in driving and directing effective compliance with the prescribed Enterprise risk management framework
• Implement effective and efficient controls to minimise / mitigate operational impact
• Ensure proper management of risk and timely resolution of issues
• Promote understanding, practice and culture of Enterprise Operational Risk within the Domain(s).

#LI-SS2GRC Process

Wipro