Audit, Risk and Governance
- Work with IT PMO & Compliance head to develop, review, and implement IT Governance frameworks, Control strategy and roadmap to ensure alignment with regulatory and compliance requirements & adherence to internal controls to strengthen the overall security posture
- Regular governance and reporting of all IT risks to CTO and senior leadership team
- Collaborate closely with IT, Engineering, and InfoSec teams on IT Controls, Application Risk Assessments, Compliance ATRs, and VAPT (Vulnerability Assessment and Penetration Testing) initiatives to proactively identify and mitigate security gaps across IT and cloud infrastructure, while ensuring timely resolution of vulnerabilities, control gaps, and security issues, and maintaining transparent reporting to key stakeholders and leadership
- Conduct regular audits to verify if the procedures are accurately followed. Proactively identify risks and develop preventive strategies
- Collaborate with IT, Operations, InfoSec, Enterprise Risk Management (ERM) and Security teams to remediate audit findings & close identified control gaps
- Coordinate with external vendor auditors to facilitate seamless audit execution and ensure adherence to regulatory standards
- Identify, assess, and prioritize information security risks.
- Ensure compliance with relevant laws, regulations, and industry standards such as IRDAI, UIDAI, etc.
- Resolve any queries related to Internal Controls. Provide an intricate understanding of all internal controls and guidelines.
Cross-Functional Collaboration:
- Work closely with IT, Legal, Information Security, and other departments to foster a culture of security and privacy.
- First point of contact in IT for any audits, Risk Assessment and controls
Project Management & Governance
- Act as a Project Manager for critical requirements, ensuring complete delivery of the project as per the requirement
- Collaborate with cross-functional and development teams to create a project plan that outlines the scope, timelines, and resources required.
- Address obstacles in the project plan and ensure smooth and efficient sprint execution.
- Identify potential risks and dependencies in the project and work to mitigate them. Responsible for managing any impediments that may hinder the team's progress.
- Track the various IT projects and proactively inform management of any potential slippages, hurdles and concerns, with key focus on:
  - Project planning and definition
  - Tracking project schedules
  - Tracking interdependencies across projects
- Responsible for adherence of project management controls and processes
- Extensive hands-on experience with PPM Pro Planview, including managing portfolio roll-ups, customizing dashboards, and serving as an active administrator with the ability to tailor the platform to meet organizational needs.
- Proficient in Microsoft Office tools, including Word, Excel and PowerPoint, with the ability to create impactful presentations for senior stakeholders and leadership.
- Administration of a process for reporting progress on key project metrics including preparation and circulation of Periodic Project Status Reports (including risks and issues)
- Administration of change management process. Maintaining a master document index. Custodian of master copies of key project documents and policies
- Assist and train team members to follow project management processes and build buy-in to the defined process
- Periodically review and improve upon the Project Management methodology/SDLC
- Monthly audit of Project Management controls
- Good knowledge and handling of project and programme management methodology and techniques
- Understanding of waterfall, agile & hybrid methodologies for running projects
Key Relationships (Internal /External)
Internal: All IT team members, PMO, IT vertical leads, CTO
External: All Business user groups, Information Security team, Internal audit team, Enterprise Risk Management
Measures of Success
Governance & Compliance
- Effective implementation of IT governance frameworks aligned with regulatory standards (IRDAI, UIDAI).
- Timely resolution of internal control queries and audit observations.
- High compliance scores in internal and external audits.
Risk & Security Management
- Completion of IT control reviews and risk assessments with actionable outcomes.
- Reduction in critical vulnerabilities through timely VAPT execution and remediation.
- Improved security posture demonstrated by fewer repeat findings and faster issue resolution.
Collaboration & Execution
- Strong cross-functional engagement with IT, InfoSec, Legal, and Engineering teams.
- Seamless coordination with external auditors ensuring smooth audit execution.
Training & Awareness
- Delivery of impactful training programs on IT compliance and cybersecurity.
- Increased employee awareness and adoption of security best practices.
Strategic Contribution
- Introduction of innovative practices to strengthen compliance and risk posture.
- Proactive identification and mitigation of emerging risks.
Key behavioural skills required
Effective Communication: Ability to interpret technical procedures to business users
Relationship Management: Ability to establish and maintain effective working relationships with cross-functional teams
Decision making: Assess situations to determine the importance, urgency and risks, and make clear decisions which are timely and in the best interests of the organization
Problem solving: Knowledge of and ability to utilize word processing, spreadsheet, database, e-mail and Internet software
Training and Awareness:
Develop and deliver training programs to enhance employee awareness of Project & Program Management best practices, ITGC, cybersecurity best practices, data privacy, regulatory standards, and IT compliance, fostering a culture that prioritizes security and privacy across the organization
Desired qualifications
- B.E/B.Tech in IT, CS from a reputed college
- 10+ years of relevant experience in IT PMO, Governance, Risk and Compliance
- Should have an understanding of applications, databases, OS
- Experience in IT controls: System security / Change Management / Problem Management / User provisioning / Project management / Operations / Backup
- Strong analytical skills. Team player: must be able to work with a team of vendors and the internal team to deliver superior results.
- Strong written and oral communication skills
- Strong stakeholder management skills