Senior Risk and Compliance Specialist-Cloud
Middle (2-5 years), Senior (5-10 years)
The Cloud GRC Senior Specialist has the primary responsibility for ensuring that the Cloud Services provided by Temenos meet contractual, regulatory and internal policy requirements. The role is responsible for local development, implementation and maintenance of risk management processes, controls, policies and procedures related to governance, risk and GRC Senior Specialist will report to GRC Manager. The role will be customer facing and will be involved in supporting the sales process.
The role is responsible for ensuring that the controls are in place and operate This includes working closely with Group Risk, Security, Audit and other assurance and compliance functions to ensure that policies, strategies, procedures and standards are consistent and provide the highest level of assurance for the company and Temenos Cloud clients.
Responsibilities and Accountabilities:
- Implement and operate a risk management framework at regional level meeting industry & regulatory standards and group policies
- Implement risk mitigation strategies and controls within the region. Controls have to address the risks, contractual commitments, client expectations, regulatory (FFIEC etc.) and other (CSA, SSAE, PCI DSS etc.) standards and internal policies
- Provide assurance on operating effectiveness of controls
- Implement contract and regulatory compliance program
- Operate vendor (risk) management program
- Ensure ongoing certifications, attestations, assurance (SOC 1&2, CSA CCM, PCI DSS, ISO)
- Build strong relationships within the organization to foster a culture of risk awareness, control, security and compliance
- Provide support to sales and pre-sales. Provide responses to RFI/RFP, manage supplier due diligence programs etc.
Skills and Qualifications:
- University level education
- 7+ years professional work experience in audit, risk, internal control, compliance in a regulated company
- Understanding of software, hosting and financial services industry
- Prior exposure to various control frameworks (COSO, CSA CCM etc.)
- Practical experience with obtaining / maintaining various certifications / attestations (SOC, CCM, ISO)
- Deep knowledge of regulatory frameworks (FFIEC etc.)
- Experience with implementation and operation of risk and control frameworks
- Experience in managing customer RFPs
- Good understanding of security and privacy risks and controls
- Organized, methodical, with attention to detail yet able to summarize
- Project management skills
- Ability to work with regulators and clients
- Ability to collaborate with business, regional and corporate leaders to obtain consensus and support.
- Hosting company experience
- Knowledge of cloud service models and the outsourcing of financial services.