Role: Risk Specialist\nLocation: Bangalore\nSchedule: 12:00pm to 9:00pm\nWorking model: Hybrid\n\nIntroduction:\nThe Information Technology Risk Oversight (ITRO) function, within CSC Legal, Risk & Compliance Global Shared Services, is seeking to expand its dynamic second-line IT risk oversight team with the addition of a Technology Risk Analyst.\nThis role is a key component of the broader Risk Management and Governance frameworks and will play a pivotal part in the continued maturation and embedding of the Enterprise Risk Management framework . The position will focus on the oversight and management of current and emerging risks across Technology, Data, Cyber, and Artificial Intelligence (AI) and the implementation and support of CSC GRC tool migration\nSome of the things you will be doing:\nPromote good risk management practices and governance across the organization in line with CSC Enterprise Risk management Framework (ERMF). This includes close cooperation with Enterprise Security and Business Unit technology teams.\nSupport and drive the implementation of the GRC tool across ITRO, Risk & Compliance and Enterprise Technology\nSupport and guide risk and control owners during initial risk assessments of in-house and third party applications and emerging technologies including AI\nSupport and drive compliance with regulatory expectations.\nCreate necessary tools (policy, standards, workflows, templates, advice and guidance) to embed a structured, consistent way of risk identification, evaluation, monitoring and reporting across Cyber Security, Technology, Data and AI risk taxonomies.\nParticipate and facilitate IT & cyber risk assessments and deep dives across key systems and applications including third party systems and SaaS solutions\nPartner with Enterprise Security and BU Technology teams to ensure risks are properly recorded, tracked and remediated in CSC global GRC tool.\nPromote and support the development of appropriate control frameworks to ensure Cyber security, Technology, Data and AI risks are managed responsibly\nDriving firm-wide risk policy enhancements, consistent distribution of the policies, oversight of policy implementation and procedure/standard alignment\nOngoing assessment and recalibration of the global risk appetite across business units, shared services and locations across CSC\nTargeted and thematic risk management deep dives.
Undertake planned second line risk assessments, application control reviews and third party risk management.\nImplement modernization and automation of risk management tasks.\n\nWhat technical skills, experience, and qualifications do you need?\nCritical thinking, with a willingness to learn, grow, and challenge status quo.\nMinimum of 3 years’ experience in Information Security and/or Technology Risk management within financial services ideally within regulated environments.\nRelevant certification(s) Ideal e.g. CISSP, CISM, CRISC or CISA\nKnowledge of GRC tooling (Diligent One platform preferred)\nExperience in technology risk management, information security and cyber with a focus on risk identification, assessment and mitigation\nExperience with industry frameworks such as COSO, COBIT, ISO27001, NIST and other including a solid understanding of the 3 lines of defence model.\nKnowledge of Operational resilience regulations and guidelines including DORA\nHands-on experience in targeted and thematic risk management deep dives from planning, scheduling and execution with good written and communication skills to all levels of management.\nExperience in using and implementing solutions with AI tools such as Claude Code / Github Copilot is an advantage.\nBasic understanding on third party risk management.\nData management and governance experience ideal but not essential, however an interest to grow personally as the company mature.\nResults orientated. A self-starter with a commitment to challenge the status quo and help drive the risk management agenda forward in partnership with colleagues across all lines of defence\nStakeholder management.
The successful candidate will have excellent interpersonal skills and the ability to communicate well at all levels of the organisation
