Avp - Information Security (Goverance, Risk & Compliance)

Headquartered in Tokyo, Sumitomo Mitsui Banking Corporation (SMBC) is a leading global financial institution and a core member of Sumitomo Mitsui Financial Group (SMBC Group). Built upon our rich Japanese heritage since 1876, we put our customers first and provide seamless access to, from and within the Asia Pacific region. SMBC is one of the largest Japanese banks by assets and maintain strong credit ratings across our global integrated network. We work closely as one SMBC Group to offer personal, corporate and investment banking services to meet the needs of our customers.

With sustainability embedded within our strategy and operations, we are committed to creating a society in which today’s generation can enjoy economic prosperity and well-being, and pass it on to future generations.
- The incumbent shall be responsible for the managing, maintaining and enhancing the Information Security Governance & IT Risk Mgmt, and Cyber Compliance posture of the Bank.
- He /She shall be responsible for maintenance of Information Security policies & procedures and imparting of the policy education, training and awareness.
- He /She shall be responsible for execution of various Information Security controls and processes, monitoring compliance with the regulatory and organizational regulations, managing data confidentiality & security, conducting investigations and reporting of security incidents. Timely and quality submission of all regulatory returns & reports is a key responsibility.
- He /She should be able to improve the IT Security KRIs and appropriate reporting thereof.
- Shall be responsible to guide and collaborate with IT & business teams on risk mitigation measures, new & existing controls, security procedures, InfoSec / Cyber related regulatory guidelines and related compliance.
- Shall be responsible for initiating and completing IT Security related projects, especially the ones driven by regulatory requirements.

The incumbent shall be able to continuously analyse bank’s information security program, implementation & execution of defined controls, and work towards sustained compliance to those and improvement of the same.
- A & B. Knowledge & Skills:

- Detailed understanding of IT Security and Infrastructure practices, operations, standards and frameworks.
- Should be well-versed with IT Act, various RBI regulations / guidelines on IT & IS, CERT guidelines etc.
- Experienced in developing and implementing enterprise security governance, IT risk and compliance strategy and solutions
- Should be well-versed Information & Cyber security standards and frameworks such NIST, ISO, OWASP, ITGC etc.
- Hands on in managing Data Confidentiality & Security, Customer Information Protection, Security controls and monitoring processes, and Incident response management.
- Security project management and planning; Ability to deliver on complex regulatory / technical security projects and initiatives.
- Good knowledge of performing IT Security risk assessments - risk identification, mitigation measures etc.
- Knowledge of various IT & Cyber Compliance matters such as Vulnerability Management, System Security Baselines, Hardening reviews /Security Configuration Assessments, Patching etc and appropriate remediations for the same.
- Good understanding and hand-on experience of handling external /regulatory & internal Audits
- Good working knowledge on MS Office tools like Excel, Powerpoint would be essential. Should be well versed with various functions and data handling techniques in Excel.
- Ability to work on routine security activities as well complex technical security projects and initiatives.
- Proven track record in IS Governance & Regulatory Compliance.
- C. Experience:

- Overall 8 to 10 years of progressive experience in the field of Information & Cyber Security, including experience in Data security, IT Security, Network Security and IT Risk Management in a global banking environment. At least 3 years of experience specifically in Information Security Governance / Cyber Risk Management/Regulatory compliance with RBI and other regulatory authorities.
- Experience in BFSI or Regulated environment would be preferred, but not mandatory.
- D. Qualifications:

- Must have completed a Bachelor’s degree (preferably BE / B.Tech.). A Master’s degree in IT/IS will be preferred.
- Any one or more of the below or other similar security related certifications:

- ISO 27001 Lead Implementer / Auditor Certified from Reputed ISO Certification Body
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)