Governance, Risk & Compliance Senior Analyst
Description
Strategic objectives:
Support information security strategic program milestones.
Support the Risk function with the department's own RCSA and KRIs.
Communicate information security awareness to all business units.
Support the bank's vendor and third-party governance.
Functional Objective:
Information Security Program
Ensure all processes related to IS operations are documented, effective, and reviewed against best practices.
Ensure implementation of the necessary information security policies, standards, procedures and guidelines.
Build and maintain the security matrix for the different access levels.
Ensure all processes have clear targets and operational level agreements, approved by the head of information security, with all other teams involved in information security operations.
Ensure events are detected or reported, logged, assigned, reviewed, handled, cleared and reported clearly, based on the periodicity and content agreed with the head of business information security.
Work closely with all parties in the information security team, IT and the business to ensure that a risk/threat-based response is in place.
Regulatory and statutory requirements:
Ensure that regulatory requirements are embedded in the monitoring and response procedures.
Ensure that information security incident controls are part of third party governance.
Risk Identification, classification, assessment and evaluation
Ensure that the risks identified by information security, IT audit, IT risk are all aligned with the information security program.
Ensure the Infosec RCSA and KRIs are communicated on time to Operational Risk.
Assess controls for business projects during the requirements, acquisition, development and testing phases for compliance with the information security policies, standards, procedures and applicable external requirements; ensure that information security risks which could lead to financial or reputational loss for the organization are addressed.
Maintain a risk register to ensure that all identified risks are recorded with their related accountability; monitor existing risks to ensure that changes are identified and managed appropriately.
Assemble risk scenarios to estimate the likelihood and impact of significant risks to business projects. Correlate identified risks to the relevant business processes to assist in identifying risk ownership.
Analyse risks, incidents and interdependencies to determine their impact on the business and the related business objectives.
Review information security standards and baselines and ensure they are aligned with the information security policies.
Risk and Control Monitoring
Identify the gap between current and desired risk levels in order to manage risk; evaluate information security controls to determine whether they are appropriately and effectively mitigating the risk to the defined acceptable level.
Facilitate independent risk assessments and risk management process reviews to ensure that they are performed efficiently and effectively.
Identify and report on risk, including compliance risk, to initiate corrective action and meet business and regulatory requirements.
Ensure that risk assessments, application security assessments and threat analyses are conducted periodically and consistently to identify risks to the organization's information.
Monitor control and project design and implementation processes against the information security baselines and standards to ensure they are implemented effectively and on time.
Information Security Risk Response
Identify risk response options and provide IT managers with the information needed to make risk response decisions.
Apply risk criteria to assist in the development of the risk profile for management approval.
Reporting
Communicate the status and progress of the Business Security Program to the Business Information Security Manager.