Assistant Manager - IT Security Risk Management

5 - 9 years

11 - 16 Lacs

Posted: 6 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

About Business line/Function:

The Information Security and Business Continuity Management department safeguards the confidentiality, integrity and availability of the bank's data and systems while ensuring that essential business processes can continue or be rapidly restored after disruption. On the security side, it defines and enforces security policies, conducts risk assessments, monitors threats and leads incident response. On the continuity side, it identifies critical services, creates and tests continuity and disaster-recovery plans, and maintains recovery-time objectives. By aligning with regulatory requirements, reporting to senior management and providing training across the organization, the department protects client trust and guarantees uninterrupted service delivery, reinforcing the bank's overall resilience.

Position Purpose

The IT Security Risk Manager is responsible for governing the bank's security exception process, ensuring that all applications meet the defined security control standards, and embedding risk management practices across the technology landscape. The role safeguards the confidentiality, integrity, and availability of information assets while supporting business agility through disciplined, risk-based decision making.

Direct Responsibilities

- Log and assess exception requests, evaluate residual risk, obtain formal approvals, track remediation and escalate overdue items.

- Ensure that periodic security control reviews of new or changed applications have been performed against the requirements in the group-wide policies, and that noncompliant controls are tracked with remediation actions.

- Perform periodic risk assessments of IT assets, platforms, and processes, quantifying likelihood and impact in line with the bank's risk rating methodology.

- If required, support internal and external audits by supplying evidence of risk treatment actions, exception handling, and compliance with the expectations of standards (such as 27001, NIST 800-53, PCI DSS, GDPR and/or Basel III cyber resilience).

- Ensure that security requirements are intact as per regional or global policies.

- Act as the primary liaison between security, IT operations, development, and business units to align on risk appetite and security expectations.

- Continuously review and streamline the exception approval workflow and application security compliance processes to increase efficiency and auditability.

- Contribute to the development and maintenance of security policies, standards and guidelines.

Experience Range: 5 to 9 years

BNP Paribas

Banking

Paris London
