Information Security Engineer

Job Description :The Information Security Cyber Organization Alignment role is focused on the strategic alignment of information security practices with the bank's overall risk management strategy, compliance requirements, and governance frameworks. The role focuses on driving Information Security Governance, Risk, and Compliance (GRC) initiatives to strengthen the bank's security posture while ensuring alignment with regulatory and business objectives. through effective processes i.

, risk tracking, compliance monitoring, RCSA, evaluating exceptions, and ensuring accurate reporting. The role ensures the right level of governance is in place and drives continuous improvement in risk management processes. The role leverages automation to streamline processes and enhance risk visibility across Information Security Group through managing GRC solutions.

Governance, Risk, Compliance :

• Ensure compliance with policies, regulatory requirements, and industry standards.
• Identify, assess, and manage information security risks.
• Ensure adherence to internal and external compliance requirements.

Policy Exception Management :

• Develop and maintain a comprehensive process for managing policy exceptions, including documentation, expiration date and approval workflows.
• Ensure all policy exceptions are properly documented, reviewed, and approved in accordance with organizational standards.
• Perform risk assessments for proposed policy exceptions to evaluate their potential impact on compliance and security.
• Work with stakeholders to communicate policy exception process, develop compensating controls for policy exceptions, and ensure timely closure.
• Regularly review and monitor granted exceptions to ensure compliance with the terms and conditions.
• Conduct periodic audits to assess compliance with approved exceptions and identify deviations for remediation.

Risk Control Self Assessments :

• Coordinate and ensure regular risk control self-assessments across various business units to identify and evaluate potential risks.
• Compile and analyze assessment results and prepare detailed reports with actionable insights and recommendations.
• Perform follow-ups to verify the effectiveness of implemented controls and risk mitigation measures.

Offshoring Reporting :

• Maintain accurate and timely reporting of offshoring activities.
• Ensure alignment with regulatory reporting requirements, and supporting the organization's compliance posture concerning offshore operations.
• Establish streamlined reporting mechanisms that meet both internal and external requirements.
• Assess and manage the risks associated with offshoring arrangements.
• Ensure that appropriate controls and mitigations are in place to address any regulatory or compliance risks tied to offshore activities.

ISG Service Portfolio Management :

• Develop and maintain a comprehensive service catalog that accurately reflects the services offered by ISG
• Regularly review and update the service catalog to ensure it aligns with business needs and technological advancements.
• Monitor the performance of ISG services to ensure they meet established service level agreements (SLAs) and key performance indicators (KPIs).

Compliance Management :

• Oversee the implementation and management of information security compliance across the bank, ensuring alignment with regulatory requirements and industry standards.
• Identify relevant regulatory obligations related to information security and ensure appropriate actions are taken to meet these requirements.
• Manage and track compliance incidents and exceptions, ensuring proper documentation and resolution through GRC systems.

GRC Function Automation :

• Be the owner of the bank's GRC platform for ISG and oversee the management of the bank's IS GRC solution.
• Oversee the administration, configuration, and maintenance of the GRC platform to ensure optimal performance and availability.
• Enable centralized knowledgebase and GRC solution to automate Information Security activities and governance process with a centralized risk register, risk reports and dashboards related to overall risk posture for specific location and business unit.
• Automate the GRC functions and reduce manual efforts to provide near real time insights into risks by performing quantitative and qualitative assessments.
• Support local CISO's / IS SPOCs in regulatory audit discussion and data required from ISG and enabling the local CISOs with Archer access to onboard the open issues for centralized tracking and governance.
• Ensure that the solution is effectively used to support the organization's information security governance, risk, and compliance activities.
• Operating Environment, Framework and Boundaries, Working Relationships.
• Operating environment: All the locations where client Bank is operational.
• Frameworks: Information security policy manual, regulations, industry best practices and contractual requirements.
• Working Relationship: All Business, Governance, Enabling and Control groups.

Problem Solving :

• Ability to enable framework, solution, and processes for proactive management of information security risks.
• Ability to understand regulatory language, can take decisions on applicability, compensating controls and residual risk.
• Ability to derive residual risk and control based on defense
• in depth strategy and systemic risk while taking risk and control decisions.

Decision Making Authority & Responsibility :

• Consult and validate recommendations to mitigate information security risks.
• Consult and provide recommendations to mitigate the risk to a level aligned with the risk appetite of the bank.
• Assure compliance with regulatory expectation and avoid regulatory penalties.
• Confirm adequacy of the controls against internal information security policy, standards and applicable regulatory requirements.

Knowledge, Skills, and Experience :Essential knowledge :

• Have around 10 years of experience in a Banking environment and over 3 years of experience in information security.
• Familiarity with information security technologies, risk, threat and vulnerability assessments, and security measures.
• Experience with governance, risk management, and compliance frameworks (e., ISO 27001, NIST, GDPR, PDPL).
• Hold professional certifications (e., CISA, CISM, CISSP, CRISC).

Skills and Application :

• Strong communication and interpersonal skills.
• Ability to manage multiple projects and priorities.
• Proficiency in security tools and technologies.

Strategic Insight :

• Foster a culture of security awareness and compliance within the organization.
• Continuously improve the information security posture of the organization.
• Ensure that information security risks are effectively managed and mitigated.

)