Risk Analyst

An exciting opportunity to build IT Risk Reviews at Experian. Your responsibilities include performing reviews that provide an independent and objective evaluation of risk within the business, technology, information security under the guidance of Risk Head. Managing daily risk related activities such as Risk & Control Self-Assessment (RCSA), DR reviews following approved plan, Product and Process note review, risk events review, training, partner management, report writing, open issue management, preparing deliverables for governance meetings and regulators

What you will do

• Planning, designing and implementation of RCSA review plans including obtaining background information on the reviewed, research the best practices, performing a risk and control assessment, defining RCSA scope, goals and develop work programme
• Manage and execution of RCSA field work, including documenting work papers, advising management of gaps identified and track applicable. Ensure completion of assigned reviews and documentation of work papers.
• Review new product programs, system developments, process, vendor engagements from system security perspective
• Perform periodic testing to identify gaps or issues or non-adherence to security and RBI guidelines
• Track status of issues reported/ identified and help keep relevant processes bench marked to Best Practices
• Provide improvement/ suggestions to existing process / systems to line management
• Evaluate adequacy and effectiveness of IT general controls and IT application controls.
• Have in-depth understanding of the processes, analysing prevailing practice in the industry, determining gaps, highlighting risks.
• Handle Special Assignments following Management direction & Investigations.
• Independently conduct RCSAs and responsible to participate in audits of various Businesses with particular emphasis on IT reviews

• 5 - 10 Years of related experience in Information Security / IT Risk/ IT Audit or relevant profile
• CISA, CISM, CISSP or equivalent certification with masters/ graduation degree preferably in computer science or information technology.
• Experience required in review of IT infrastructure, application development life cycle, cyber security, cloud infrastructure and applications, web security, end point protections. Exposure to RBI Cyber Security Framework
• Knowledge of IT governance and security standards such as NIST, ISO27001, COBIT, PCIDSS and equivalent.
• Knowledge/ understanding of banking products and practices, operations, regulatory, industry, banking competition, and potential risk area..
• Ability to interpret quantitative and qualitative data, formulate sound conclusions, and make consultative recommendations