Job Summary
We are seeking a Risk & Control Manager to oversee governance, risk, and compliance across IT
managed services engagement. The role is responsible for establishing strong control frameworks,
ensuring regulatory compliance, mitigating operational risks, and driving a culture of accountability and
continuous improvement within large-scale service delivery environment. The role involves working
closely with customer audit and compliance teams and coordinating with internal IT managed service
delivery tracks to ensure compliance with regulatory and contractual requirements, while supporting
audit activities, evidence management, and timely closure of audit observations
Key Responsibilities
Define, implement, and manage IT risk and control frameworks across managed services
engagement.
• Ensure compliance with regulatory, audit, and contractual obligations (e.g., CIS, ISO, SOC,
MAS/TRM where applicable).
• Conduct risk assessments, control testing, and gap analysis across IT operations and service
delivery processes.
• Establish and monitor Key Risk Indicators (KRIs) and control effectiveness metrics.
• Lead internal and external audit engagements, including remediation tracking and closure.
• Collaborate with delivery, security, and design teams to embed risk controls into BAU operations
and transformation programs.
• Drive governance forums, risk reporting, and executive dashboards for stakeholders.
• Manage incident reviews, root cause analysis, and mitigation planning for control failures.
• Ensure third-party/vendor risk management and compliance adherence.
• Promote risk awareness and conduct training across delivery teams
Skill Requirements
Bachelor’s degree in information technology, business management, or an equivalent discipline.
• At least 15 years of relevant experience, preferably in financial services or asset management
industries, with minimum 10 years in risk and control roles.
• Strong experience in risk management, IT controls, and compliance within IT managed services
environments.
• Familiarity with regulatory frameworks such as ISO 27001, SOC2, NIST, CIS, MAS TRM (or
similar).
• Experience in audit management, control testing, and remediation programs.
• Knowledge of ITSM processes and integration with risk/control frameworks.
• Certifications preferred: CISA, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor (or
equivalent).
• Strong analytical skills with the ability to assess complex risk scenarios.
• Experience in global delivery models and multi-vendor environments.
Other Requirements
Strong governance mindset with attention to detail and compliance rigor.
• Excellent stakeholder engagement and executive communication skills.
HCLTech Job Description
Classification: Internal
• Ability to balance risk mitigation with operational efficiency.
• Proactive approach to identifying and addressing risks.
• Structured and disciplined approach to reporting and documentation.
• High integrity and accountability in handling sensitive compliance matters.
• Capability to influence cross-functional teams and drive risk-aware culture