Analyze gaps between IT policies and procedures to ensure alignment with internal and regulatory requirements.
Test the design and operational effectiveness of the IT operational control framework.
Monitor existing controls and IT processes in accordance with applicable regulations.
Prepare reports and documents related to new products and features for submission to regulators in coordination with the regulatory compliance division or other relevant stakeholders.
Coordinate the IT Steering Committee every quarter.
Support IT stakeholders and external/internal auditors by providing advice and adequate data.
Monitor the resolution of audit findings.
Create a security awareness program by providing newsletters, e-learning, and phishing campaigns to all employees.
Analyze risks and ensure periodic reviews of IT-related key risk indicators (KRIs) and risk control assessments (RCSAs) to assess control effectiveness and identify new risks.
Monitor risk acceptance and provide recommendations on appropriate risk management.
Review vendor assessments related to IT risks, including information security where data is shared with vendors.
Monitor periodic reviews of user access and security controls on the Bank's systems.
Requirements:
Minimum Bachelor's degree in Computer Engineering, Computer Science (specifically IT-related), or other related fields.
Minimum 5 (five) years of experience in IT GRC or IT auditing in the banking, insurance, or related industries.
Understanding of business processes and regulations related to the banking industry.
Understanding of ISO 27001, ITIL, COBIT, and PCI-DSS standards.
Understanding of tools for detecting and preventing system vulnerabilities and information leaks.