Manager - Vendor Security Risk Specialist

About Us

SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for seamless payment experience and indulge in rewarding benefits. At SBI Card, the motto 'Make Life Simple' inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone.

SBI Card is proud to be an equal opportunity & inclusive employer and welcome employees without any discrimination on the grounds of race, colour, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally with dignity and respect which makes it a promising place to work.

Join us to shape the future of digital payment in India and unlock your full potential.

What's in it for YOU

1. SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support mental and physical health of our employees
2. Admirable work deserves to be rewarded. We have a well curated bouquet of rewards and recognition program for the employees
3. Dynamic, Inclusive and Diverse team culture 
4. Gender Neutral Policy
5. Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits
6. Commitment to the overall development of an employee through comprehensive learning & development framework

Role Purpose 

Responsible for conducting vendor risk assessments from information security perspective based on, ISO27001:2013, PCI-DSS, Cloud security control framework etc. and to ensure identified risks are addressed appropriately in timely manner. The role is also responsible for assessing  and identifying risks associated with third parties part of SBI Card extended echo system, analyzing identified risks and ensure timely reporting and remediation of the same and working closely with cross-functional teams within SBI Card and vendor /partner teams to manage security risks associated with third parties and get the same addressed within a agreed timeline.

Role Accountability 

1. Conduct vendor risk assessments from information security perspective using, ISO27001:2013, PCI-DSS, Cloud security control framework etc.
2. Ensure identified risks are addressed appropriately
3. Track and report status of open observations, remedial plan and timelines for resolution
4. Perform remediation testing once identified observations have been marked as resolved
5. Review and establish secure processes and systems at vendor's end for integration with SBI Card
6. Prepare and update assessment questionaries basis various applicable standards and industry good practices such as ISO 27001, PCI-DSS etc. 
7. Monitor vendor compliance, undertake vendor evaluations based on various industry standard and regulatory compliance perspective and suggest feedback / recommendations to the - business / vendor for mitigating identified risk
8. Work with appropriate business users to ensure that for any identified risk require mitigating action along with timeline is agreed and tracked the same for successful closure
9. Act as a subject matter expert to assist the business in identifying and mitigating risks pertaining to their vendor relationships
10. Deliver continuous training and awareness to Business partners on various compliance requirements such as ISO 27001, PCI-DSS etc.
11. Perform process documentation and compliance adherence

Measures of Success 

1. Number of vendor risk assessments conducted successfully
2. Timely and accurate identification and reporting of information security risks pertaining to third parties/vendors 
3. Timely and accurate delivery of updates, presentations, assessment reports etc. to relevant stakeholders
4. Tracking of audit findings and driving to closure within defined timelines
5. Process Adherence as per MOU

Technical Skills / Experience / Certifications

1. Knowledge in multiple information security technologies and their strengths and shortcomings
2. Knowledge of common assessment control techniques
3. Understanding of security controls from people, process and technology perspective
4. Understanding of security architectural principles and standards
5. Experience in system security, network security and information security, control objectives part of ISMS, Technology risk and compliance, BCP & DR planning, Security operations and Cloud security
6. Knowledge of standard security processes and guidelines
7. Experience in implementing or accessing compliance against PCI-DSS, ISO27001 requirements 
8. Industry-standard certifications such as ISO27001:2013 LA, CISA, CISM, Cloud Security etc.

Competencies critical to the role

1. Detail Orientation
2. Process Orientation 
3. Stakeholder Management
4. Analytical ability

Qualification 

Bachelor's Degree in Computer Science / Information Security or any other relevant discipline

Preferred Industry

FSI