AVP-Information Security

Job Responsibilities:

• The incumbent shall be responsible for managing, maintaining and enhancing the Information Security / Cyber Security Governance & IT Risk Mgmt., and Cyber Compliance posture of the Bank, maintenance of Information Security policies & Cyber security procedures and imparting of the policy education, training and awareness.
• He /She shall be responsible for implementing, monitoring and enhancing cyber security controls & processes to align to organization & regulatory requirements. Such controls /processes would include vulnerability management (VA/PT), security baseline reviews & configuration assessments, red teaming & social engineering tasks, monitoring security logs & alerts and managing incidents, amongst other tasks.Responsible for execution of various regular & periodic Information /Cyber Security controls and processes, managing data confidentiality & security, conducting investigations and timely reporting & managing security incidents. 
• Responsible to support the implementation of new security tools & technologies and/or new IT systems, and administer /operationalize such security tools including defining use-cases, creating control tasks, SOPs etc.
• Ensure continuous availability, health, and performance of cybersecurity tools and platforms.
• Perform configuration updates, policy tuning, rule optimization, and coverage expansion for security controls. Conduct periodic control effectiveness checks and identify gaps or optimization opportunities.
• Collaborate with OEMs and service partners for upgrades, patches, and technical enhancements. Maintain SOPs, runbooks, inventories, diagrams, and process documentation.
• He /She shall be responsible for execution of  IT /Cyber Security controls for the organization, and should be able to execute and improve the IT Security KRIs and appropriate reporting thereof.
• He /She shall be responsible to perform IT Security Risk assessments of new & existing processes, projects and applications / infrastructure.
• Shall be responsible to guide and collaborate with IT on risk mitigation measures, new & existing controls, security procedures, InfoSec / Cyber related regulatory guidelines and related compliance.
• Shall be responsible for initiating and completing IT Security related projects (regulatory driven or otherwise).
• The incumbent shall be able to continuously analyse bank's information /cyber security program, implementation & execution of defined controls, and work towards sustained compliance to those and improvement of the same. 

Section : (a) Knowledge (b) Skills (c) Experience (d) Qualifications 

A & B. Knowledge & Skills:
•    Detailed understanding of IT Security and Infrastructure practices, operations, standards and frameworks. 
•    Should be well-versed with various cyber security directions /guidelines from regulatory bodies such as RBI, CERT-In amongst others.
•    Experienced in developing and implementing enterprise security governance, IT risk and compliance strategy and solutions
•    Should be well-versed Information & Cyber security standards and frameworks such NIST, ISO, OWASP, ITGC, IT Act etc.
•    Hands-on in managing Cyber Security, Data Confidentiality & Security, Customer Information Protection, Security controls and monitoring processes, and Incident response management.
•    Security project management and planning; Ability to deliver on complex regulatory / technical security projects and initiatives.
•    Good working knowledge of SOC processes and related Security Monitoring Tools (such as SIEM, NBAD (Behavioral Anomaly detection), DAM etc).
•    Good working knowledge of Privileged Identity & Access Management (PIM/ PAM), related tools & controls.
•    Good understanding of Network Security and working knowledge of related Monitoring (such as Log analysis, Firewall reviews, IDPS alerts etc).
•    Good knowledge of various IT & Cyber Compliance matters such as Vulnerability Management, System Security Baselines, Hardening reviews /Security Configuration Assessments,  Patching etc and appropriate remediations for the same.
•    Good working knowledge of handling information/cyber security alerts & incidents (such as related to phishing, malware, cyber-frauds etc). 
•    Good knowledge of performing IT Security risk assessments - risk identification, mitigation measures etc.
•    Good understanding and hands-on experience of handling external /regulatory & internal Audits especially related to Cyber security.
•    Good working knowledge on MS Office tools like Excel, Powerpoint would be essential. Should be well versed with various functions and data handling techniques in Excel. 
•    Proven track record in IS processes execution and enhancements. 

C. Experience:
•    Around 10 years of progressive experience in the field of Information & Cyber Security, including experience in IT Security /Network Security and/or Cyber Risk Management and/or Cyber program management in a global banking environment. 
•    Experience in BFSI or Banking environment would be preferred, but not mandatory. 

D. Qualifications:
•    Must have completed a Bachelor's degree (preferably BE / B.Tech.). A Master's degree in Information Systems will be preferred.

Section: Certification

Any one or more of the below or other similar security related certifications:

• Certified Information Systems Security Professional (CISSP).
• Certified Information Systems Auditor (CISA).
• Certified Information Security Manager (CISM).
• ISO 27001 Lead Implementer / Auditor.
• Lead Auditor Certified from Reputed ISO Certification Body (BSI)
• Any other Cybersecurity / Cloud Security / AI Governance related certifications.

Purpose of the position

• The incumbent shall be responsible for managing, maintaining and enhancing the Information Security / Cyber Security Governance & IT Risk Mgmt., and Cyber Compliance posture of the Bank, maintenance of Information Security policies & Cyber security procedures and imparting of the policy education, training and awareness. He / She shall be responsible for execution of various Information /Cyber Security controls, & processes, monitoring compliance with the regulatory & organizational regulations, managing data confidentiality & security, conducting investigations & reporting security incidents. He /She would be responsible to perform IT Security Risk assessments of applications, review implementation of new IT systems, security tools & technologies, to continuously evaluate the bank's information security program and work toward continuous improvement of the same via innovative thinking & drive towards automation of controls.
• The role would include interacting with the Auditors and Regulators such as RBI for Cyber Security Compliance-related requirements. He/ She shall also coordinate with vendors, internal IT teams, and security SMEs. He /She shall be responsible for implementing, monitoring and enhancing cyber security controls & processes to align to organization & regulatory requirements. Such controls /processes would include vulnerability management (VA/PT), security baseline reviews & configuration assessments, red teaming & social engineering tasks, monitoring security logs & alerts and managing incidents, amongst other tasks