About Information Systems Security:
The Information Systems Security (ISS) team ensures that cyber security risks and threats are managed through a risk management framework comprising Information Systems Security policies, standards and guidelines. The bank's Information Security & Cyber Security Policy & Standards are based on various regulatory requirements and guidelines (the RBI Gopalakrishna Committee report, the RBI cyber security framework, NPCI, the IT Act, Aadhaar, etc.) and on international regulations and standards such as MAS, HKMA and PCI DSS. The policies and standards are approved by the Board of Directors and encompass independent identification, measurement and management of risks across the various businesses of the Bank. All compliance-related requirements emanating from the various regulators, together with legal, regulatory and other standards adopted by the bank, are periodically communicated to stakeholders by way of circulars, office notes, workshops, etc. The bank has developed a comprehensive set of metrics, such as key performance indicators and key risk indicators, for regular review by business units, subsidiaries and top management. Top management undertakes quarterly monitoring and reviews and takes the necessary action.
About the Role:
The Security Officer serves as a subject matter expert for governance and compliance frameworks, regulations and policy development; identifies and monitors non-compliance and escalates when appropriate; acts as the champion for achieving GRC capabilities; manages the monthly and quarterly Information Security KRIs; and develops, implements and manages policies specific to GRC capabilities.
· Define and implement IT policies / IS Security policies
· Identify risks in the IT processes
· Define controls and analyze implications of making process changes
· Draw up Risk Control Matrices
· Plan and conduct process audits within IT
· Facilitate issue resolution with the IS Auditors.
· Evaluate IT Security related products
· Understand, implement, monitor and review various regulatory / compliance frameworks such as SOX, COBIT, ITIL, ISO 27001, ISO 22301, ISO 31000, Basel, etc.
· Conduct training programmes on Information Security, Risk, compliance and regulatory aspects.
· Analyze various system-generated reports, logs, audit reports and VAPT reports
Optimal qualifications for success on the job are:
· First-class Graduate/Postgraduate degree in Science or Engineering from a reputed University, with exposure to information systems.
· Qualifications such as CISA, CISM, CGEIT, CISSP, CEH, BCM, Lead Auditor (LA) in ISO 27001, LA in ISO 22301, or any other recognized qualification in IT risk assessment will be preferred.
· Thorough knowledge of and experience in networking, along with certifications such as CCNA, will also be preferred.
· 7 to 9 years of experience
· Experience in:
o Identification, evaluation and documentation of process flows, risks and controls.
o Information systems management, IT service management as well as process development and design.
o IT Security – in areas like network security, remote access etc.
o IT Governance, IT Audits, Projects Execution, IT Planning, etc.
o Handling various security products/solutions such as DLP
o Third party vendor assessment
o PCI DSS implementation
For successful execution of the job, the candidate should possess the following:
· Knowledge of current Information Technology management standards in the industry as a whole, such as COBIT, ITIL, ISO 27001, ISO 31000, PCI DSS, RBI guidelines on Information Security and best practices in BFSI.
· Experience in formulating IT Governance objectives and goals and in developing effective techniques for deriving these objectives from IT initiatives.
· Good understanding of and working experience in IT service management and in the use of maturity and process-improvement models