AVP - Information Security (Goverance, Risk & Compliance)

Job description:

• The incumbent shall be responsible for the managing, maintaining and enhancing the Information Security Governance & IT Risk Mgmt, and  Cyber Compliance posture of the Bank.
• He /She shall be responsible for maintenance of Information Security policies & procedures and imparting of the policy education, training and awareness.
• He /She shall be responsible for execution of various Information Security controls and processes, monitoring compliance with the regulatory and organizational regulations, managing data confidentiality & security, conducting investigations and reporting of security incidents.  Timely and quality submission of all regulatory returns & reports is a key responsibility.
• He /She should be able to improve the IT Security KRIs and appropriate reporting thereof.
• Shall be responsible to perform IT Security Risk assessments of new & existing processes, projects and applications / infrastructure.
• Shall be responsible to guide and collaborate with IT & business teams on risk mitigation measures, new & existing controls, security procedures, InfoSec / Cyber related regulatory guidelines and related compliance.
• Shall be responsible for initiating and completing IT Security related projects, especially the ones driven by regulatory requirements.

The incumbent shall be able to continuously analyse bank's information security program, implementation & execution of defined controls, and work towards sustained compliance to those and improvement of the same.

A & B. Knowledge & Skills:

• Detailed understanding of IT Security and Infrastructure practices, operations, standards and frameworks.
• Should be well-versed with IT Act, various RBI regulations / guidelines on IT & IS, CERT guidelines etc.
• Experienced in developing and implementing enterprise security governance, IT risk and compliance strategy and solutions
• Should be well-versed Information & Cyber security standards and frameworks such NIST, ISO, OWASP, ITGC etc.
• Hands on in managing Data Confidentiality & Security, Customer Information Protection, Security controls and monitoring processes, and Incident response management.
• Security project management and planning; Ability to deliver on complex regulatory / technical security projects and initiatives.
• Good knowledge of performing IT Security risk assessments - risk identification, mitigation measures etc.
• Knowledge of various IT & Cyber Compliance matters such as Vulnerability Management, System Security Baselines, Hardening reviews /Security Configuration Assessments,  Patching etc and appropriate remediations for the same.
• Good understanding and hand-on experience of handling external /regulatory & internal Audits
• Good working knowledge on MS Office tools like Excel, Powerpoint would be essential. Should be well versed with various functions and data handling techniques in Excel.
• Ability to work on routine security activities as well complex technical security projects and initiatives.
• Proven track record in IS Governance & Regulatory Compliance.

C. Experience:

• Overall 8 to 10 years of progressive experience in the field of Information & Cyber Security, including experience in Data security, IT Security, Network Security and IT Risk Management in a global banking environment. At least 3 years of experience specifically in Information Security Governance / Cyber Risk Management/Regulatory compliance with RBI and other regulatory authorities.
• Experience in BFSI or Regulated environment would be preferred, but not mandatory.

D. Qualifications:

• Must have completed a Bachelor's degree (preferably BE / B.Tech.). A Master's degree in IT/IS will be preferred.

Any one or more of the below or other similar security related certifications:

•    ISO 27001 Lead Implementer / Auditor Certified from Reputed ISO Certification Body 

•    Certified Information Systems Auditor (CISA)

•    Certified Information Security Manager (CISM)

•    Certified Information Systems Security Professional (CISSP)

Profile description:

·       The incumbent shall be responsible for:  managing, maintaining and enhancing the Information Security Governance & IT Risk Mgmt, and Cyber Compliance posture of the Bank; Maintenance of Information Security policies & procedures and imparting of the policy education, training and awareness. He /She shall be responsible for execution of various Information Security controls and processes, monitoring compliance with the regulatory and organizational regulations, managing data confidentiality & security, conducting investigations and reporting of security incidents. He /She would be responsible to perform IT Security Risk assessments, review implementation of new IT systems, security tools & technologies, to continuously evaluate the bank's information security program and work toward continuous improvement of the same via innovative thinking & drive towards automation of controls.

·       The role would include interacting with the Auditors and Regulators such as RBI for Cyber Security Compliance related requirements. He /She shall be responsible for implementing security controls that align to regulatory requirements. He /She shall also be responsible to continuously monitor information security controls & related testing, exceptions to existing processes/controls, risk assessments, managing incidents etc.  He /She shall be responsible for all timely & accurate submission of all regulatory complaince reports and audit deliverables.