Senior Associate, Cyber/IT Security, Technology and Operations

Business Function

Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

Job Purpose
The purpose of this job role is to manage Information Security – Internal & External Vulnerability Assessment, Penetration Testing, Application Security Assessment, Source code review follows up, Wireless PT, ATM/POS security Assessment, Secure Configuration Review, Vulnerability management domains to enhance threat detection and mitigation capabilities within the Bank. This role is additionally responsible for enhancing cyber assurance and appropriate regulatory reporting of cyber security aspects.

Key Accountabilities

• Vulnerability management and Penetration Testing
• Application security
• Virtualization and container technologies (Docker, Kubernetes, OpenShift).
• API Security
• CI/CD assessment
• IS Related compliance and regulatory reporting

Job Duties & responsibilities

• Vulnerability Management:
• Manage periodic internal and external VA scanning for the bank's production systems.
• Analyse and report/present the vulnerabilities to multiple stakeholders for remediation and prioritization
• Maintain intelligence network to discover any reported exploits, zero-day vulnerabilities and its applicability to Bank.
•  Experience with tools such as Rapid7, Nessus, Metasploit, Qualys Guard, etc.
• Security Testing & Application Security:
• Manage annual security testing program for the existing and new production systems.
• Maintain tools and environment to support security testing, working with internal teams and consultants as required
• Collaboratively work with Application Development / Security Mavens and guide them to follow the Security gates set in the Organization's SDL.
•  Evaluate internal Technology Risk Processes as it relates to App Pentest, FOSS, Fortify SCA and provide process governance as well as though leadership concerning adjusting to future needs
• Liaison with customer relation and team responsible to address the external requests related to AppSec
• Coordinate Security Mavens training and manage monthly meetings
• Manage and update Key Performance Indicators (KPI's) for the Application Security Assurance Program
• Coordinate with team members and TRM policy management to ensure control standards and policies are up to date
• Manage the application security threat modeling process and coordinate application threat models against the Organization's applications
•  Liaison with various internal teams (Application Development, IT Architecture, Corp. Procurement Services, Source Code Management, IT Asset Management) for Application security initiatives and automation efforts).
• Manage new projects and initiatives related to application security as needs arise
• Evangelize application security within the firm and work with Application Development Security Mavens to incorporate new program direction into applications
• Coordinate with ASAP team members to track internal audit and regulatory assessments and address requests related to the Application Pentest, SAST ,DAST and SCR (Source code review)
• Conduct presentations on application security topics for TRM and AD management
• Provides regular status updates on all assigned tasks and deliverables.
•  Maintains issue logs, tracks/follows up on problems.
• Mitigates risk by following established procedures and monitoring controls, spotting key errors and demonstrating strong ethical behaviour.

Requirements

• Overall 6+ years on experience in Information/Cyber Security
• Experience in vulnerability management and application security for 4+ years
• Experience in managing 5+ members team which may include vendor teams
• Candidate should have worked in BFSI (preferred)

Education / Preferred Qualifications

• Graduation\: BE IT/Computers/Electronics, B.Sc. - Computers, M.Sc. - Computers
• Post-Graduation\: PGDIT, MCA, MBA
• Certification like CISSP, CISM, SANS, OSCP/OSCE and CREST (Preferred)

Core Competencies

• Excellent analytical and decision-making skill sets
• Effective in Communication, documentation and report writing skills
• Ability to consult and validate solutions to mitigates risks to business and systems

Technical Competencies

• VAPT - Rapid7, Nessus, Metasploit, Qualys Guard, Burp suite ,CI/CD tool etc.
• Technical working knowledge (WAF, HIDS, IPS, Firewall, Networking