Global Tech Regulatory Change Management Associate

Job Description

The Global Technology Regulatory Change Management (GTRCM) team part of CTC organization monitors the events (circulars, notices, guidance, regulations, laws etc.) issued by various regulators globally and analyze impact of those to the Global Technology (GT) organization. The team would further map the impactful regulations to the GT control catalog and assess gaps in the GT policies, standards, control objectives and procedures. Potential control gaps are reviewed with relevant Control Design Authorities (CDAs) to enrich the control catalog to meet the regulatory requirements. High Level tasks performed by the role.
• Conducting periodic review of events (circulars, notices, guidance, regulations, laws etc.) issued by regulators across the globe. Collaborate with stakeholders such as ISMs, SMEs and Compliance to assess impact and expectations of the regulator.
• Support early influencing of Regulators in case of draft regulations through high level gap analysis. Coordinate with SME(s) and ensure timely engagement with location Information Security Manager (ISM) / Control Domain Authority (CDA) / Advocacy Groups / Regulatory Engagement groups.
• Perform detailed gap analysis of the impacting Regulatory events.
• Partnering with the Global Technology Policies and Controls (GTPC) team to ensure policy area owners are informed of regulatory changes and relevant updates are applied in a timely manner.
• Providing input to strategic discussions on GTRCM and associated processes for identifying improvement opportunities.
Qualifications
• Over 9 years of experience in IT Risk and Compliance, Audit or IT Security, ideally with managerial experience preferably at a global financial services organization.
• Excellent command of Cybersecurity organization practices, operations risk management processes, principles, architectural requirements, emerging threats and vulnerabilities, including incident response methodologies
• Knowledge of cybersecurity & technology controls such as:
  • Control Governance, Policy Development
  • Identify & assess management
  • Cyber defense & fraud (incl. incident & event management, network & endpoint security, malware protection, digital forensics, threat & fraud intelligence, etc.)
  • Data protection, Storage, Governance
  • Software and platform security
  • Resiliency
  • Vulnerability management, Control assessments & training
• Keen understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity. A demonstrated ability to analyze technology-focused regulations, articulation of risk and impact on Technology controls frameworks and industry best practices.
• Demonstrated ability to author Standards and Procedures, perform threat modeling, assess control design and operating effectiveness as well as articulate risks
• Ability to develop and maintain strong partnerships with key stakeholders at both working & executive levels, and to work across diverse businesses and regions, balancing the needs of multiple organizations
• Outstanding verbal, interpersonal and written communication and presentation skills, including demonstrated ability to interact with both technical and non-technical stakeholders
• High level of independence, energy and integrity, demonstrates respect for a diversity of opinions and styles, and accepts accountability and responsibility.
• An ability to work in a demanding, fast paced environment and handle multiple, competing priorities at one time.
• Excellent reporting and presentation skills.
• Relevant professional certification (e.g., CISSP, CISA, CRISC) or willingness to pursue
,

Keyskills :
salesmanagementmarketingbillingit riskit securitygap analysiscontrol designrisk managementthreat modelingevent managementoperational risk