Systems Audit Vertical Head (VP/Sr VP)
Reports to CEO, ReBIT
This role is responsible for providing technical audit support to RBI’s banking supervision and regulatory functions. For this purpose, he/she is expected to assemble a diverse team of capable professionals who will examine IT systems from diverse perspectives and analyse them to identify the veracity of assumptions and assertions of the business processes and IT systems under review. This will include developing the ability to use Big Data analysis, digital forensics and business intelligence tools.
This role works closely with the supervision teams of RBI in the Department of Supervision (DOS) and the Department of Payment and Settlement Systems (DPSS) to develop and execute effective IT examination plans covering application systems and infrastructure components such as databases, applications, operating systems, data centers, messaging platforms and IT general controls processes, and to submit system audit reports, with executive summaries of the observations and the overall risk factor ratings, to the respective RBI departments.
- Graduate degree in information systems, engineering, technology, computer science, or a related field. Master’s degree in technology/Management preferred.
- Extensive experience in technology function or in a technology audit role. Relevant experience in financial services desirable.
- Strong understanding of application development, databases, networking, technology infrastructure and cyber security technologies.
- Advanced knowledge of technology risk management and cyber security controls including: business continuity management, privacy and data protection, application security (e.g. user entitlements, authentication, accountability), system architecture and design (e.g. availability, performance, scalability, data integrity), technology operations (e.g. change and release management, data backup and retention, capacity management), and technology governance (e.g. technology risk management, metrics/KRIs, cyber security rules and regulations)
- Interest in broad exposure in banking domain areas - banking operations, investment management, sales, trading, operations, risk management, finance, legal, and compliance activities in the banking industry
- Proficient understanding of current regulatory and industry events
- Relevant professional certifications are a plus
A minimum of 20+ years of relevant industry experience, of which at least 5 years as CTO/CISO/IS Audit Head in a reputed financial institution would be desirable. A history of proven delivery of results. Candidates with IS/IT systems audit experience will be preferred.
IT/ITES, banking captive units, banking/financial services, cyber security consulting/auditing organizations
- Excellent communication (verbal, written, listening) and interpersonal skills
- Ability to develop and maintain effective working relationships with peers and stakeholders
- Should be a team player with proven leadership qualities
- Intellectual curiosity and healthy skepticism
- Ability to synthesize and articulate complex ideas
- Critical thinking and problem-solving abilities
- Strong project management, organizational, and presentation skills
- Commitment and strong work ethic
- Ownership of Systems Audit vertical in executing the mission - Assist RBI in performing risk-based supervision of regulated entities through security audits and incident analysis including:
- Maintaining confidentiality of information and observations
- Program management of IT examinations
- Proactive resource planning and continuous development of cyber security competencies
- Engaging with stakeholders to understand key processes and meeting service level expectations
- Ensuring adherence to defined standard operating procedures
- Guidance to team members in execution of risk-based audits
- Building robust standards and processes for executing audit plans during IT examinations/thematic examinations
- Support in carrying out impact assessments of cyber security incidents and reviews of forensic analysis reports
- Technical inputs on threat intelligence impacting financial sector
- Designing parameters and having an oversight for high quality systems audit reports
- Timely MIS reports to management internally and stakeholders
- Contribution to ongoing Risk Based Supervision activities, including:
- Identifying emerging sector-wide cyber risks, enhancing KRIs and completing risk assessments of emerging technologies
- Providing advisory services during the development of new framework, processes, and systems
- Managing audit staff, while providing timely and candid feedback and coaching
- Researching and understanding policies, technologies and global banking regulations, and providing opinions on technology/cyber security relevant for the Indian banking sector & RBI
- Sharing thought leadership artefacts and documents on technology/cyber security with stakeholders
- Engaging with RBI for delivering risk assessments, consulting engagements and advisories in the cyber security domain
- Making innovative recommendations for improving efficiency, effectiveness and cyber resilience in the IT supervisory processes
- Executing special transformational cyber security projects as per the requirement of stakeholders
- Mandatory (at least two certification credentials) – CISA, CIA, CISSP, CISM, PMP
- Preferred certifications – ISO 27001 LA, ISO 22301 LA, ITIL credentials
Navi Mumbai/Mumbai