Specialist, IT Risk & Compliance
Celestica
Chennai, Tamil Nadu, India
Performs tasks such as, but not limited to, the following: Coordinate with key stakeholders to initiate, scope and plan cybersecurity risk controls assessments of new and existing high risk suppliers. Assists with the implementation of risk management programs/ frameworks while identifying and minimizing negative impacts to the business. Develops and implements risk mitigation strategies. Acts as a subject matter expert in the evaluation, development and implementation of an internal control system. Participates in the IT Risk assessments - serve as a third party risk assessor, performing risk assessments by evaluating third party attestations, performing control design review, and control implementation validation. Make meaningful risk mitigating recommendations to directly improve the third party risk posture of Celestica. Builds effective relationships with internal/external stakeholders. Ensures alignment between stakeholders. Develops, documents and maintains business/group procedures updating and obtaining approvals as regulations or the operating environment changes and communicates changes to the business/group & relevant stakeholder groups. Tracks exception/exemption requests and corresponding approvals. Builds awareness, knowledge, and skills and, as necessary, provides communication, practical tools and ongoing support including making presentations, to promote a culture of risk identification and management. Recommends adjustments to the overall program, policy or processes within the business/group in accordance with the Risk Appetite Statement, Governance and Corporate Policy. Supports the business/group through internal/external audits or regulatory examinations and assists in development of action plans to resolve any identified issues. Broader work or accountabilities may be assigned as needed. Liaise with key business stakeholders and IT teams to support the completion of the third party risk management processes and due diligence. Knowledge/Skills/Competencies: Experience and understanding of third-party risk management, process mapping, bottleneck identification and associated control remediation. Knowledge and experience working with third party management frameworks. Knowledge and insight of regulatory requirements and expectation on third party risk management. Knowledge of team budget and tracking mechanisms Knowledge of Celestica’s technology, business and IT strategies. Knowledge of IT analysis, design and development. Knowledge of IT Security controls and frameworks Proficient in Data Management and Analytics Proficient in Business Partnering Proficient in IT Risk Management Ability to work in a team environment Change Management and project management skills Excellent resource management and prioritization skills. Excellent analytical and problem solving skills Excellent verbal and written communication skills Knowledge of IT audit procedures and techniques Technical proficiency gained through education and/or business experience Collaboration & team skills - In-depth