Apex Group

IT & Cyber_Technical_Risk_Metrics_Specialist_Compliance_Manager

Reposted 7 Days Ago

Be an Early Applicant

Baner, Pune, Maharashtra, IND

In-Office

Expert/Leader

Fintech • Payments • Financial Services

The Role

Govern and enhance IT & Cyber risk metrics, ensuring alignment with Cyber Strategy and regulatory compliance while leading RCSA and strategic reporting.

Summary Generated by Built In

The Apex Group was established in Bermuda in 2003 and is now one of the world’s largest fund administration and middle office solutions providers.

Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by over circa 13,000 employees across 112 offices worldwide.Your career with us should reflect your energy and passion.

That’s why, at Apex Group, we will do more than simply ‘empower’ you. We will work to supercharge your unique skills and experience.

Take the lead and we’ll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities.

For our business, for clients, and for you

Role Overview:

This role governs, monitors, and continuously improves IT & Cyber risk metrics so they are
fit for purpose, aligned with Cyber Strategy, and meet expectations set by the Group CISO.
Operating within Banking, Finance, and Hedge Fund environments, the role ensures metrics
reflect financial risk exposure, operational resilience, and compliance with global regulatory
frameworks. The role leads the annual Risk & Control Self-Assessment (RCSA) and provides
strategic inputs to the Technology Risk Forum.

Key Responsibilities:

• Metrics Governance & Cyber Strategy Alignment: Define, review, and maintain IT &
Cyber KRIs/KPIs in line with Cyber Strategy and Group CISO directives; map to risk
appetite thresholds and business services.
• Continuous Improvement & Remediation: Monitor failing metrics; lead root cause
analysis and remediation plans. Implement a Metric Rewrite Protocol for metrics that
consistently fail or are misaligned.
• RCSA Execution: Lead annual RCSA across technology domains; ensure residual risk
remains within appetite and align methodology with Group CISO expectations.
• Strategic Reporting & Governance: Provide decision-ready inputs to the Technology
Risk Forum: posture, trends, material events, remediation, and asks.
• Compliance & Regulatory Alignment (Global): Maintain cross-framework control
mapping and evidence across ISO/IEC 27001:2022, NIST CSF 2.0, COBIT, ISO 31000;
and regulations/obligations including SOX 404, GDPR, DORA (EU), PCI DSS v4.0, and
applicable regional rules (e.g., FFIEC/US, UK PRA/FCA, MAS TRM, HKMA, APRA CPS
234).
• Stakeholder Engagement: Liaise with Application, Infrastructure, Service Owners, SOC,
IT Ops, Risk, Compliance, and external auditors/regulators. Influence remediation and
strategic risk initiatives.
• Automation & Reporting: Partner with BI/GRC teams to deliver automated dashboards
and single source of truth for metric definitions, thresholds, owners, and evidence.
• Execute delegated tasks as deemed appropriate by the Group CISO and other
empowered Group Cyber leadership authorities, ensuring timely and effective
completion in alignment with organizational priorities.
• Support the Group Cyber Strategy end-to-end, driving alignment of all activities,
decisions, and deliverables with strategic objectives and business outcomes.

Candidate Profile:

Experience:
• 10–15+ years in IT/Cyber Risk, GRC, or Technical Assurance within financial services.
• Hands-on designing/operating KRIs/KPIs and turning failing metrics green.
• Led RCSA and audit/regulator engagements across multiple regions.
Skills:
• Technical: vulnerability and patch governance, IAM/PAM, cloud security, incident
response, DR/BC, change risk.
• Risk & Compliance: appetite, control frameworks (ISO 27001, NIST CSF, COBIT, ISO
31000), SOX 404, DORA, GDPR, PCI DSS.
• Tooling: GRC platforms (ServiceNow/Archer), dashboards (Power BI/Tableau), CMDB,
ticketing (ServiceNow/Jira).
• Soft Skills: communication, articulation, presentation, stakeholder influence, executive
narratives.

Preferred Certifications:
• - CISM / CRISC
• - ISO 27001 Lead Auditor
• - ITIL
• - Cloud security certs (AWS/Azure/GCP

Disclaimer: Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.

Skills Required

10-15+ years in IT/Cyber Risk, GRC, or Technical Assurance within financial services
Hands-on designing/operating KRIs/KPIs
Led RCSA and audit engagements
Technical skills in vulnerability governance, IAM/PAM, cloud security, incident response
Experience with GRC platforms and dashboards

Apex Group Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Apex Group and has not been reviewed or approved by Apex Group.

Flexible Benefits — Flexible benefits are positioned as being tailored by country, with localized packages and perks that can differ by jurisdiction. Mobility options such as the JUMP program add a non-cash element that can increase the perceived total rewards value for those who can access it.
Wellbeing & Lifestyle Benefits — Wellbeing support is described as including EAPs, mental-health workshops, mentoring support, and local lifestyle perks like gym or cycle-to-work schemes. These offerings broaden the benefits mix beyond purely financial rewards.
Retirement Support — Retirement support is described in at least one jurisdiction as including an employer match structure and an additional automatic contribution after tenure. This can strengthen the non-salary portion of total compensation where offered.

Learn more about Apex Group's Compensation & Benefits →

Apex Group Insights

What's It Like to Work at Apex Group? Apex Group Culture & Values Apex Group Career Growth & Development What's the Work-Life Balance Like at Apex Group? Apex Group Leadership & Management Apex Group Company Growth, Stability & Outlook

View all jobs at Apex Group

View Apex Group Profile

Report Job

Am I A Good Fit?

beta

Get Personalized Job Insights.

Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company

7,423 Employees

Year Founded: 2003

What We Do

We are a single-source financial solutions provider dedicated to driving positive change while supporting the growth and ambitions of asset managers, allocators, financial institutions, and family offices around the world. Established in Bermuda in 2003, we have continually disrupted the industry through our investment in innovation and talent. Today, we set the pace in fund and asset servicing and stand out for our unique single-source solution and unified cross asset-class platform which supports the entire value chain, harnesses leading innovative technology, and benefits from cross-jurisdictional expertise delivered by a long-standing management team and over 13,000 highly integrated professionals. As a pioneering data and fintech-enabled company, we are a disruptor driving digital tools into fund and asset servicing. However, our vision to drive positive change extends beyond the industry. The Apex Foundation, a not-for-profit entity, is our passionate commitment to empower sustainable change