Information Security Officer

Technology - DevOps
Mumbai
Job Description
The Information Security Officer will work closely on the efficient formulation, implementation, and
management of the Bank's information security policy(s) and compliance programs. The incumbent
will ensure efficient management of Information Security Governance, in line with the Reserve Bank
of India and other statutory/regulatory bodies governing our India operations. He/she will also
coordinate and execute the information security management system program (ISMS), Security
operations, VAPT program, and Cyber Security Framework implementation. The job holder will also
ensure that risk management needs in relation to information security, including but not limited to
incident response, access control, business continuity and disaster recovery are duly and promptly
addressed. This role requires extensive coordination and teamwork with inter and intra-department
officials.

STRATEGIC
  • Responsible for all cyber security governance framework along with other activities related to information and cyber security aspects as per the directions from Group Chief Information Security Officer.
  • Contribute to the formulation of annual strategies, policies, and procedures of the Information Security Section, to support divisional and organizational business strategy.
  • Ensure that the Information Security plans are within agreed budgets and timescales. Assist the Country Manager & Group Chief Information Security Officer in preparing/providing timely, accurate, and complete progress reports to the Management reviews, RBI, IBA, IDRBT, CERT-In, CSITE, etc.
  • Update self on the IT/security industry trends, new solutions, and techniques, as well as emerging threats and regulatory requirements/changes set by QCB and other relevant government bodies, and suggest adequate changes in the section, including but not limited to the staffing of employees, department deliverables, etc.
  • Develop and maintain robust working relationships with internal/external stakeholders to facilitate functional/operational/strategic needs.
  • Develop and maintain various performance monitoring checklists as required by ISO27001/RBI Cyber Security Framework for IT and other operations.
  • Is well versed in cyber security governance framework and responsible for managing RBI - CSITE advisories, circulars, policy development, security operation center (SOC), vulnerability assessment and penetration testing, etc.
  • Member of Bank’s India Management Committee where information security-related risks, gaps, and remedial measures are discussed and tabled.
Job Requirement
OPERATIONAL
  • Ensure successful execution of ISO27001, PCI-DSS, and other industry certifications, govern the certification programs, and report progress to management.
  • Perform gap analysis of business operation to ascertain the magnitude of results in terms of non-compliance by the business/support functions with the statutory and regulatory requirements.
  • Liaise with external consultants appointed from time to time in assessing the adequacy and effectiveness of the Bank's information security efforts.
  • Perform the Risk assessment which would include identification, assessment, monitoring, and reporting of key information security risks and preparing the mitigating controls. Regularly follow up with Operational departments such as IT and Admin on implementing the mitigating controls with appropriate escalation.
  • Review and follow up on compliance with laws and regulatory requirements applicable from time to time, and with third-party partners.
  • Ensure regular VAPT assessments, PCI/ISO27001 assessments, and internal and external audits are properly planned and carried out. Also track compliance and provide updates/escalation to appropriate authorities. Maintain an updated dashboard.
  • Track and update progress on the Internal /External Audit and VAPT observations and present suitably to Top Management, highlighting the high-risk areas and dependencies.
  • Manage and review Information Security analyses and submit assessment reports on the adequacy of control in accordance with policies, standards, and procedures to safeguard Bank's assets.
  • Depict threats and mitigation options to executive management and prepare periodic (weekly/monthly/quarterly, as applicable) dashboards, reports, memos, and agenda items for the Information Security council, Risk Management Committee, and Audit Committee of the Board, and ensure further compliance with directions.
  • Review all data being generated from periodic threat assessments and ensure maximum accuracy. Revalidate observations with technical stakeholders and ensure that the observations from periodic assessments are accurate and complied with.
  • Collect and consolidate data required for monthly/quarterly/half-yearly/yearly report submissions and any other compliance reports as required by RBI and its appointed organizations/entities.
  • Submit periodic reports/data pertaining to India operations as required by the Information Security section, Head office, including Bank’s defined internal KRIs.
  • Ensure threats and mitigation measures are correctly populated into the threat register with accurate estimated dates of compliance and threat ratings as per the group’s methodology.
  • Participate actively during internal/external audits and regulatory reviews and ensure implementation of remediation actions on account of the findings reported.
  • Implement regular online/classroom training programs on information security awareness and conduct effective tests.
Qualification & Requirement
  • University Graduate with a degree in Computer Science, Computer Engineering, or any other discipline.
  • 6-10 years of experience in a similar position.
