Associate, Specialist, IT Governance & Compliance, Technology And Operations

Mumbai, Maharashtra, India
entres building patel nager near by metro, India

Job Description

Business Function
Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and aspire to delight our business partners through our multiple banking delivery channels.
Job Purpose
The IT Risk Manager is responsible for end-to-end management of Technology risks, including conducting RCSAs, identifying, monitoring and mitigating risks, and ensuring adherence to internal and regulatory policies. The role oversees audits, compliance requirements, issue identification and closure, and supports regulatory and internal reporting obligations. It requires strong coordination across Technology, Operations, Compliance, and stakeholders to ensure a resilient and well-governed Technology environment.
The IT Governance Specialist is responsible for developing, implementing, maintaining and monitoring adherence to the IT department's policies, procedures and SOPs. This role involves helping in representation to management, including presentations and reporting to various forums. This role requires contribution to IT risk management as well as IT vendor risk management. Understanding of project management is an added advantage. This role involves overseeing the assessment and continuous monitoring of IT vendors and partners to identify, evaluate, and mitigate information security, compliance, and operational risks. This role requires the skills to ensure adherence to internal policies, industry standards, and regulatory requirements, protecting the organization's assets and reputation.
Technology Governance & Risk Management
Technology Governance:

  • Conduct and manage the full lifecycle of the Risk Control Self-Assessment (RCSA), including control identification, testing, effectiveness assessment, and documentation.
  • Identify, monitor, track, and mitigate Technology risks across applications, infrastructure, processes, and third-party engagements.
  • Facilitate and sign off risk acceptance (RA) proposals in accordance with internal policies and governance requirements.
  • Review, monitor, and support remediation for Change Management, Incident Management, and Problem Management activities to ensure risks are assessed and adequately addressed.
  • Drive timely creation and execution of mitigation plans, ensuring closure of risk items within committed timelines.
  • Strengthen ongoing risk monitoring through proactive checks, stakeholder dialogues, and thematic risk assessments.
  • Preparation of comprehensive materials and presentations for key technology forums such as the IT Strategy Committee, IT Steering Committee, Technology Risk Forum, and Demand Forums.
Audit & Compliance:
  • Manage all types of audits including regulatory (RBI/SEBI/MAS), internal audit, statutory audit, and concurrent audit. Support requirements for certifications including PCI DSS, ISO.
  • Front-end audit engagements by coordinating with auditors, managing walkthroughs, responses, and preparing teams for examination activities.
  • Conduct proactive internal checks prior to audits to assess readiness, validate evidence, and identify potential gaps in advance.
  • Lead evidence collection, quality assurance, submission, escalation handling, and end-to-end closure of observations.
  • Ensure accurate and timely reporting of audit statuses, progress updates, and action closure to senior stakeholders.
  • Minimize repeat findings through structured remediation, control enhancements, and process health checks.
  • Developing and implementing IT policies and procedures that align with organizational goals and industry best practices.
  • Providing guidance and support to IT teams on IT governance and risk management matters.
  • Identifying and implementing IT governance-related training needs for IT staff and end-users.
  • Staying up-to-date on the latest IT governance trends and industry standards to ensure that the organization is current with best practices.
  • Risk Review and confirmation on new product initiatives / new application requirements
  • Risk review and signoff for exception change requests
Regulatory Compliance:
  • Self Identification of Issues:
  • Proactively identify issues, control gaps, deviations, and process weaknesses through continuous monitoring, thematic reviews, and internal assessments.
  • Track and monitor identified issues to ensure timely and effective closure with accountability across Technology teams.
  • Maintain accurate issue logs, update dashboards, and ensure evidence-backed closure as per governance requirements.
  • Promote a culture of proactive risk detection and transparent reporting across Technology units.
  • Review of new regulatory requirements / circulars and evaluation of compliance requirements, gaps to be remediated and monitoring of compliance actions
Regulatory & Internal Reporting
  • Prepare and submit regulatory reports including RBI tranche reporting, Cyber Security KRO and any other Technology-related compliance submissions, and supervisory artefacts as required.
  • Manage and track Key Risk Indicators (KRIs), perform trend analysis, and highlight emerging risks through structured KRI governance.
  • Support internal risk reporting including dashboards, governance packs, periodic updates for senior management, and management forums.
  • Ensure accuracy, completeness, and timely delivery of all regulatory and internal risk reporting commitments.
  • Reporting and continuous monitoring:
  • Establishing IT performance metrics and monitoring key performance indicators (KPIs) to measure the effectiveness and efficiency of IT processes.
  • Developing internal control checks to verify adherence, and reporting from time to time
  • Driving automation of control checks and adoption of AI, data and automation into governance and risk practices
Risk Awareness & Culture
  • Drive a strong risk-aware culture across Technology by promoting proactive identification of risks, early escalation, and transparent communication.
  • Conduct regular training sessions, awareness programs, and targeted workshops to strengthen understanding of Technology Risk, compliance expectations, and audit preparedness.
  • Partner with leaders and teams to embed risk-first thinking into day-to-day operations, project governance, and decision-making processes.
  • Foster continuous learning by sharing lessons from incidents, audits, and thematic assessments to prevent recurrence and enhance capability maturity.
  • Encourage teams to internalize accountability for controls, risk ownership, and adherence to regulatory and internal standards.
IT Risk Management including Vendor risk management
  • Conducting periodic IT risk assessments to identify potential vulnerabilities and threats and recommending necessary controls to minimize risks.
  • Leading the IT vendor risk management initiatives and ensuring adherence to the requirements
  • Ensuring the vendor inventory is maintained, updated and reported from time to time
  • Ensuring that regulatory and internal requirements pertaining to IT vendors, including inventory management, periodic review, risk assessment, SLA monitoring, contracting, onboarding and offboarding, are met on a timely basis.
Project Management:
  • Ensuring that all IT projects are aligned with the organization's strategy, regulatory compliance requirements, and security standards.
  • Optimization of IT investments
Documentation:
  • Develop and maintain repository of technology risk policies, frameworks, and procedures as well as compliance documentation
  • Create and implement required checklists for data gathering from stakeholder units for various internal reporting and compliance initiatives
  • Maintain updated TOR for various internal governance forums
  • Maintain current copies of regulatory directives and their applicability matrices
  • Develop training and awareness materials on regulatory requirements and Tech Risk Culture for technology teams
Audit and Compliance:
  • Coordinating with internal and external auditors to facilitate IT compliance audits and ensure timely completion of audit recommendations.
Collaboration and Communication:
  • Collaborating with cross-functional teams to ensure Tech risk deliverables are met within committed deadlines
  • Ensuring effective communication and collaboration across different technology teams and stakeholders
  • Driving initiatives to enhance Tech Risk culture across units and create environment for proactive actions with regards to Tech Risks
Key Accountabilities/Responsibilities:
Requirements
  • 5-8 years of relevant experience in IT Risk Management, Technology Audit, Compliance, or related roles.
  • Strong understanding of RCSA, risk frameworks, incident/change/problem management processes.
  • Hands-on experience managing regulatory, statutory, internal, and concurrent audits.
  • Experience with issue management, control testing, evidence management, and audit readiness.
  • Strong analytical skills and the ability to synthesize risk information for leadership consumption.
  • Familiarity with regulatory reporting (RBI/SEBI/MAS) and Technology-specific reporting standards.
  • Strong understanding and practical experience in IT Governance and IT Party Risk Management principles and best practices.
  • In-depth knowledge of Regulatory requirements including MAS, RBI, SEBI
  • Strong hands-on experience in vendor risk management practices
  • Strong analytical, problem-solving, and communication skills to effectively engage with internal and external stakeholders.
  • Ability to identify control gaps and find solutions to mitigate the same
  • Drive automation and adaption to new technologies to drive effective monitoring and governance risk oversight
  • Experience with audit planning and reporting.
  • Ability to work independently and meet given timelines
Education / Preferred Qualifications
  • Bachelor's degree in IT, Computer Science, Engineering, or related field.
  • Preferred: Master's in technology/IS or MBA.
  • Certifications like CISA, CRISC, CISM, CISSP, ISO Lead Auditor are beneficial
  • Graduation: BE IT/Computers/Electronics, B.Sc. - Computers, M.Sc. - Computers
  • Post-Graduation: PGDIT, MCA, MBA, CA

Skills Required

IT


Job Detail

  • Job Id
    JD5190747
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Mumbai, Maharashtra, India
  • Education
    Not mentioned
  • Experience
    Year