Sr. Analyst

Sumitomo Mitsui Banking Corporation

Job Responsibilities

• He /She shall be responsible for execution of various Information & Cyber Security controls and processes, daily security monitoring tasks and various weekly /monthly security controls & reporting activities (such as monitoring access logs and security violations, analyzing user access requests and conducting periodic access reviews, data collation /analysis & reporting, managing various security control books and procedural documentations etc.).
• He /She shall be responsible for execution of controls related to Regulatory & Head Office guidelines and ensuring compliance to those, conducting investigations and reporting of security incidents. He/ She shall be involved in imparting security training and awareness sessions.
• He /She shall be responsible to support the implementation of new security tools & technologies and/or new IT systems, and administer /operationalize such security tools including defining use-cases, creating control tasks, SOPs etc.
• He /She shall be responsible for execution of various Security controls for the organization, and should be able to execute and improve the Security KRIs and appropriate reporting thereof.
• He /She shall be responsible to perform IT Security Risk assessments of new & existing processes, projects and applications / infrastructure.

The incumbent shall be able to continuously analyse bank's information /cyber security program, implementation & execution of defined controls, and work towards sustained compliance to those and improvement of the same.

(a) Knowledge (b) Skills (c) Experience (d) Qualifications

A & B. Knowledge & Skills:

• Detailed understanding of IT Security and Infrastructure practices, operations, standards and frameworks.
• Good working knowledge of performing IT Security risk assessments
• Good working knowledge of SOC processes and related Security Monitoring Tools (such as SIEM, NBAD (Behavioral Anomaly detection), DAM etc).
• Good working knowledge of Privileged Identity & Access Management (PIM/ PAM), related tools & controls.
• Good understanding of Network Security and working knowledge of related Monitoring (such as Log analysis, Firewall reviews, IDPS alerts etc).
• Good working knowledge in Vulnerability Assessments (VA /PT) and/or System Security Hardening and appropriate remediations.
• Good working knowledge /understanding of Data Protection & Security, DLP, data encryption etc.
• Good working knowledge of handling information/cyber security alerts & incidents (such as related to phishing, malware, cyber-frauds etc).
• Ability to execute / implement Information Security Operations processes and perform daily / weekly /monthly security controls and tasks.
• Good working knowledge of implementation of security tools and related administration /operationalization.
• Fair understanding / Experience of working on Security Audits – would be preferred, but not mandatory.
• Good working knowledge on MS Office tools like Excel, Powerpoint would be essential. Should be well versed with various functions and data handling techniques in Excel.
• Ability to work on routine security activities as well complex technical security projects and initiatives.
• Proven track record in IS processes execution and enhancements. Willing to quickly learn and adapt to new processes & environment.

C. Experience:

• Around 5 to 8 years of progressive experience in the field of Information Security, including experience in either Cyber Security,  Security Controls & Operations,  CSIRT (Cyber Security Incident Response Team) or Privileged Identity & Access Management  in a global environment. Experience in BFSI or Banking environment would be preferred, but not mandatory.

D. Qualifications:

• Must have completed a Bachelor's degree (preferably BE / B.Tech.). A Master's degree in Information Systems will certainly be preferred.

Certification – Select the relevant Certifications from the list below :

Any one or more of the below or other similar security related certifications:

• ISO 27001 Lead Implementer / Auditor
• Lead Auditor Certified from Reputed ISO Certification Body (such as BSI)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Cloud Security related certifications such as CCSP or CCSK

Any other Cyber Security related certifications

The incumbent shall be responsible for the maintenance of Information /Cyber Security policies & Procedures and related Implementation & Compliance adherence thereof. Execution of various daily security controls /regular periodic processes (such as system/application log monitoring, privileged access mgmt & reviews, daily cyber security alerts handling & incident mgmt, data collation /analysis & reporting etc) would be a primary responsibility for this role.