Security Governance

6 days ago


Gurgaon, Haryana, India | SBI Cards and Payment Services Limited | Full time | ₹ 12,00,000 - ₹ 36,00,000 per year

Deputy Vice President - Security Governance & Compliance

About the company

SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for a seamless payment experience and rewarding benefits. At SBI Card, the motto 'Make Life Simple' inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone.

SBI Card is proud to be an equal opportunity and inclusive employer and welcomes employees without any discrimination on the grounds of race, color, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally, with dignity and respect, which makes it a promising place to work.

Join us to shape the future of digital payment in India and unlock your full potential.

What's in it for YOU

  1. SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support the mental and physical health of our employees.
  2. Admirable work deserves to be rewarded. We have a well-curated bouquet of rewards and recognition programs for employees.
  3. Dynamic, Inclusive and Diverse team culture
  4. Gender Neutral Policy
  5. Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits
  6. Commitment to the overall development of an employee through comprehensive learning & development framework

Role Purpose

The Security Governance & Compliance Lead will work to deliver the objectives within SBI Card's Security strategy and further enhance the information security program that identifies and addresses security governance and compliance requirements. The person will be responsible for managing the process of gathering, analysing and assessing current and future information security governance and compliance trends, as well as maintaining and monitoring information security best practices as they evolve.

Role Accountability

Policies, Procedures and Standards:

  1. Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business in line with the GRC roadmap
  2. Act as security risk management ambassador to internal customers.
  3. Establish and maintain security metrics and reporting.
  4. Ensure implementation and compliance of requirements derived from various legal and regulatory frameworks.
  5. Support and respond to customer security/compliance questionnaires.
  6. Work with various operational and business teams to drive toward a cohesive view of security risk and drive remediation items to closure. Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders.
  7. Monitor the security risk profiles of our suppliers to objectively determine high risk suppliers that require additional review.
  8. Work with business and technical team members, third party vendors and auditors to ensure adherence to various compliance standards.
  9. Ensure timely closure of action points, observations from various audits / assessments etc.
  10. Participate in planning, scheduling and preliminary analysis for all internal and external audits such as ISO 27001, PCI DSS etc.

Information Security Performance Management:

  1. Ensure metrics to evaluate the information security programs are tracked and reported.
  2. Implement recommendations provided for areas needing improvement.
  3. Drive closure of observations from various audits / assessments in a timely manner
  4. Monitor compliance of Information and cyber security policy/standards, applicable laws, regulations, and standards including ISO 27001, PCI-DSS etc.
  5. Recommend improvements in processes and control procedures, the effectiveness and efficiency of control mechanisms, and methods of risk reduction to comply with various standards.
  6. Conduct compliance assessments, provide advice and guidance on the applications/technology and operations for various compliance requirements.

Information Security Awareness/Trainings:

  1. Actively participate in performing Information Security Awareness trainings and keeping track of compliance
  2. Support evaluation of the effectiveness of awareness and training programs and make recommendations for improvement.
  3. Conduct knowledge transfer training sessions for the security operations team upon technology implementation.

Project/Work Planning:

  1. Provide project management support for information risk management projects.
  2. Ensure timely and quality delivery of projects while adhering to project budgets.
  3. Liaise with IT teams to ensure security is engaged in all projects.

Measures of Success

  1. Periodically update Information Security & other related policies and procedures to align them to industry best practices and regulatory requirements
  2. Successfully maintain all Information Security related compliances and certifications, i.e. ISO 27001, PCI-DSS, NIST etc.
  3. Conduct periodic Information Security Risk assessments
  4. Increase in maturity of Information Security Matrix
  5. Support audits and assessments conducted by both Internal stakeholders (Internal Audit, Compliance, Risk etc.) and external auditors (Regulator)
  6. No major observations or findings in audits
  7. Increased Information Security awareness within the enterprise

Technical Skills / Experience / Certifications

  1. One or more Industry standard certifications such as CISSP, CISM, CISA
  2. Demonstrable understanding within Cyber Security, Data Security & Information technology areas
  3. Functional knowledge of ISMS domains and information security industry standard and best practices
  4. Prior experience in managing Information Security & Risk Management Programs in a complex/Large environment.
  5. Excellent communication skills and ability to mentor and effectively communicate information/cyber risks to management/CXOs.
  6. Sound knowledge of industry best practices and popular frameworks like ISO 27001:2013, COBIT, NIST and standards/regulations like PCI-DSS, RBI
  7. Extensive knowledge of information security management systems
  8. Good documentation skills. Experience conducting internal assessments of IT Policies, Standards and Process compliance with IT Audit standards
  9. Strong business, process & financial acumen

Competencies critical to the role

  1. Demonstrate leadership skills in achieving stated objectives, coordinating with a diverse set of stakeholders and managing multiple audits and assessments at once.
  2. Demonstrate ability to continuously coordinate with multiple parties and supervisors while maintaining independence.
  3. Demonstrate communication skills to address different audiences, from auditees belonging to different functions to regulators, external auditors etc.
  4. Demonstrate being a self-starter with the ability to gain required knowledge in dynamic environments and remain up to date.
  5. Experience in technical training and in conducting awareness sessions.
  6. Experience in dealing successfully with different business and external stakeholders.
  7. Good Analytical, problem solving and inter-personal skills.

Qualification

Bachelor's Degree in any relevant stream

Preferred Industry

BFSI, NBFC, ITES, Telecom

Experience Level: Executive Level
