HDFC CREDILA - Manager - IT Governance/Risk/Compliance (8-15 yrs)

Roles & Responsibilities: -

- The IT Governance, Risk, and Compliance (GRC) Manager will be responsible for supporting the development, implementation, and management of IT governance, risk, and compliance programs.

- The role involves working closely with various departments to ensure that IT processes align with corporate governance standards, manage risks effectively, and comply with relevant regulations and standards.

- Additionally, the analyst will be responsible for overseeing compliance with IT outsourcing requirements, ensuring that all third-party service providers adhere to organizational and regulatory standards.

Governance:

- Assist in the development and implementation of IT governance frameworks, policies, and procedures.

- Monitor adherence to IT policies and ensure alignment with business objectives.

- Support the creation and maintenance of IT governance documentation, including policies, standards, and guidelines.

- Collaborate with stakeholders to ensure IT initiatives comply with governance frameworks.

Risk Management:

- Identify, assess, and prioritize IT risks, including operational, security, compliance, and strategic risks.

- Develop and maintain the IT risk register, ensuring risks are documented, mitigated, and monitored.

- Conduct regular risk assessments and gap analyses to identify potential vulnerabilities and areas for improvement.

- Work with IT teams to develop and implement risk mitigation strategies.

Compliance:

- Ensure IT operations comply with relevant regulatory requirements, industry standards, and corporate policies.

- Manage and support IT audits, including internal and external audits, ensuring timely response and remediation of findings.

- Stay up to date with relevant laws, regulations, and industry standards (e.g RBI Master Directions) and assess their impact on the organization.

- Develop and maintain compliance documentation, including policies, procedures, and audit trails.

- Conduct training sessions and workshops to raise awareness of compliance requirements within the organization.

IT Outsourcing Compliance:

- Oversee compliance with IT outsourcing agreements, ensuring that third-party service providers adhere to contractual obligations, regulatory requirements, and organizational standards.

- Evaluate and monitor the performance of IT outsourcing vendors, ensuring they meet defined SLAs and compliance requirements.

- Conduct regular assessments of outsourced IT services to ensure alignment with company policies and industry standards.

- Manage and mitigate risks associated with IT outsourcing by developing and implementing appropriate controls and monitoring mechanisms.

- Collaborate with legal and procurement teams to review and negotiate IT outsourcing contracts, ensuring compliance with applicable regulations and organizational policies.

- Maintain documentation related to IT outsourcing arrangements, including contracts, SLAs, and compliance reports.

Change Management:

- Develop and implement change management strategies to ensure the successful adoption of IT governance, risk, and compliance initiatives.

- Work with IT and business stakeholders to identify the impact of changes and develop appropriate communication and training plans.

- Ensure that all changes are documented, reviewed, and approved through the formal change management process.

- Monitor and report on the progress of change management activities, identifying and addressing any issues or resistance.

- Facilitate post-implementation reviews to assess the effectiveness of change management efforts and identify areas for improvement.

Project Management:

- Lead and manage GRC-related projects from initiation through to completion, ensuring alignment with organizational goals and timelines.

- Develop project plans, including scope, objectives, deliverables, timelines, and resource allocation.

- Coordinate with cross-functional teams, ensuring clear communication and collaboration throughout the project lifecycle.

- Monitor project progress, manage risks, and ensure that projects are delivered on time, within scope, and within budget.

- Provide regular updates to senior management and stakeholders on project status, including any issues, risks, or changes.

- Ensure that all project documentation is complete and accurate, and that lessons learned are captured and applied to future projects.

Incident Management:

- Support the development and implementation of IT incident management and response procedures.

- Assist in the investigation of security incidents, breaches, and non-compliance issues, ensuring timely resolution.

- Document incidents and lessons learned to improve future response efforts.

- Monitor and evaluate the effectiveness of GRC programs, recommending improvements as needed.

Skills:

- Strong understanding of IT governance frameworks and risk management methodologies.

- Knowledge of IT outsourcing practices, vendor management, and related compliance requirements.

- Excellent analytical and problem-solving skills, with the ability to assess complex issues and recommend solutions.

- Strong communication and interpersonal skills, with the ability to interact with stakeholders at all levels.

- Proficiency in using GRC tools and software. Strong organizational skills and attention to detail.

Education:

- Bachelor's degree in information technology, Computer Science, or related field.

- Relevant certifications are a plus.

- Certifications: Relevant certifications such as CISA, CISSP, ITIL, PMP

Experience:

- Minimum of 8-10 years of experience in IT governance, risk management, and compliance