Information Security

3 weeks ago


Pune, India Antal International Full time
Job Description

Position: Information Security & Control Analyst II

Location: Pune, MH

Experience Range: Relevant 3 to 5 years

Mode of work: 5 days (office)

Job Mission:

The Information Security & Control Analyst II or IT Security Officer (ISO) is responsible for implementing, continuously improving, and maintaining the HPS Payment Services information security program. The position requires strong expertise in information security management, as well as in-depth knowledge of security standards and best practices, such as ISO 27001.

Job Purpose:

1) Information Security Management System: Implement, continuously improve, and maintain the information security program for HPS Payment Services

  • Support the CISO by contributing to the development, implementation, and maintenance of information security policies, processes, procedures, and controls to protect HPS Payment Services' assets from internal and external threats.
  • Identify risks, vulnerabilities, and potential threats to HPS Payment Services' assets and implement mitigation and contingency plans to minimize the impact on business operations.
  • Develop and implement information security plans to ensure protection, confidentiality, integrity, and availability of HPS Payment Services' data.
  • Regularly assess the effectiveness of security policies, processes, procedures, and controls and recommend risk treatment actions while ensuring follow-up.
  • Monitor and manage IT risks and non-compliance with contractual requirements signed with clients.
  • Update and review HPS Payment Services' risk register regularly.
  • Ensure appropriate security measures based on process criticality and asset sensitivity, including:
      • Assessing inherent and residual risk levels with asset owners.
      • Guiding risk owners towards suitable options (risk reduction, acceptance, transfer, or rejection).
      • Challenging proposed action plans to ensure realistic and implementable security measures.
  • Prepare and lead IT Risk Committees and ensure proper implementation of Information Security Governance (ISG).

2) Security by Design: Ensuring Security in Projects

  • Guide projects in implementing new security systems or integrating existing systems.
  • Define and implement IT risk management requirements in HPS Payment Services' projects.
  • Ensure the integration of security measures in the project lifecycle.
  • Identify security-related risks, vulnerabilities, and potential threats in projects and define and monitor treatment plans.
  • Ensure compliance with security regulations and standards.
  • Evaluate technological solutions in projects to guarantee compliance with security requirements.
  • Assess and track security performance in projects using key performance indicators (KPIs).

3) Security Assurance: Maintaining Security Certifications

  • Manage certification schedules and anticipate recertification exercises.
  • Coordinate with internal teams to organize regular reviews and collect certification deliverables.
  • Oversee action plans derived from certification exercises.

4) Monitoring Operational Security and Risk Treatment Plans

  • Track IT security risk and performance indicators.
  • Monitor the operational implementation of information security.
  • Oversee access reviews within the security perimeter.
  • Monitor, investigate, and resolve security incidents while ensuring proper escalation.
  • Follow up on action plans after security incidents.
  • Monitor security clauses in outsourcing contracts.
  • Conduct technology watch and stay updated on emerging threats and security solutions.
  • Work with the operational security team to deploy and maintain security solutions while ensuring compliance with IS security policies.
  • Analyse and assess risks from vulnerability scans and penetration testing results.

5) Permanent Control

  • Support the Level 1 Permanent Control Manager in defining management surveillance controls related to IT security.
  • Coordinate and manage control campaigns to meet deadlines.
  • Depending on the implemented Target Operating Model (TOM), either:
      • Support operational teams in executing controls and challenge their findings, or
      • Perform managerial surveillance controls and document control results.
  • Ensure action plans are well-defined to address risks identified during controls.
  • Produce and track risk and performance indicators from control campaigns.
  • Assist in updating the operational risk mapping related to IT security management.
  • Ensure IT security-related operational risk incidents are escalated to the audit department and track associated reports.

Technical Skills:

  • Knowledge of Banking & Financial Services
  • Internal Control & Risk Management
  • IT & Security Functions Knowledge
  • Information Security Management
  • Security Governance & Risk Frameworks
  • IT Development & Architecture
  • IT Risk Management Frameworks ISO 27005, EBIOS, CRISC, NIST, CIS20

Managerial Skills:

  • Client Focus
  • Commitment to deadlines
  • Initiative taking
  • Problem anticipation
  • Reporting & monitoring
  • Quality Management

Behavioural Skills:

  • Interpersonal skills
  • Initiatives
  • Flexibility
  • Support & assistance
  • Confidentiality, Integrity, Objectivity
  • Analytical & Synthesis skills
  • Rigor & Organization

KPIs:

  • Quality of IT Risk & Security Management framework
  • Vulnerability & Security Patch management
  • Client reporting
  • Quality, relevance, and consistency of security reports
  • Compliance with control deadlines
