Assistant Vice President - Information Security Architect (Application)

Role Purpose

Threat & Vulnerability Management is one of high concern areas in order to prevent SBIC from any potential threat actor. This role is responsible for managing & maturing overall Application Security lifecycle starting from requirements gathering to decommissioning phase. This includes assuring compliance to RBI's requirement on Digital Application with activities such as Threat Modeling, Secure Application Architecture and Run-time security controls. This role also leverage expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT landscape across SBIC Card environment.

Role Accountability

Functional Areas:

Provide technical expertise for information security policies and standards for Application Development throughout SDLC

Maintaining current knowledge and understanding of the threat landscape and emerging security threats and vulnerabilities to build adequate solution

Help SBIC IT Team build agile application development platforms rooted on flexible container-based platforms and aligned to agile development and CI/CD best practices

Provide expertise in security tools for vulnerability assessment, penetration testing & application security

Define security runtime products and development tooling migration strategy and guidelines for digital applications

Ensures (web) applications, APIs, and cloud services are planned, designed, developed, implemented and monitored in accordance with security policies and to meet compliance requirements

Perform regular status reviews with IT asset owners & senior leadership to ensure compliance with InfoSec policies and RBI's requirement on Digital Applications

Participate in and support application security reviews and threat modeling, support security testing team for code review and dynamic testing.

Industry analysis for latest security systems, standards, authentication protocols, security framework to guide development team to implement for new projects

Facilitate and support the preparation of security releases.

Support and consult with product and development teams in the area of application security.

Assist in development of automated security testing to validate that secure coding best practices are being used.

Manage & Mature Application Security Standard, Framework and related process

New Technology & Risks

Evaluates and recommends tools and solutions that provide protection to SBIC application landscape

Maintain contact with vendors regarding security system updates and technical support of security products

Performs cost-benefit and risk analysis

Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks

Vendor Management

Maintain relationship with managed security services vendor leadership to ensure effective implementation and operation of security programs, ongoing support and deployment of competent resources

Oversee the development, implementation and maintenance of vendor standard operating procedures/ run book in line with SBI Card policies & standards

Provide technical & program management expertise and oversight over vendor teams

Stakeholder Management

This role requires strong skills to discuss technical & non-technical aspect with articulation of Risk to demonstrate requirement and drive mitigation of Vulnerability

Internal Stakeholders: Information technology function including its vendor, Senior leaders like CISO & , DPO and other Business/functional leaders

External Stakeholders: Vendor Team

Measures of Success

Successful implementation/ adoption of any new solution, technology or framework as per regulatory and SBIC policy

Successful delivery of security projects specifications within time and budget

Secure delivery of workload protection and applications (enterprise, web and mobile app) hosted on-premise or on Cloud

Reduction in attack surface and threat exposure for SBI Card IT platforms

Consistently enhance the security posture to reduce overall risk to SBI Card

No major observation in internal/external audit on security design for applications

Technical Skills / Experience / Certifications

Deep knowledge and understanding of enterprise IT Systems, infrastructure, and security technologies.

Knowledge of Information Security Standards like ISO 27001, PCI-DSS, NIST CSF, CSA framework etc.

Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.).

Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc.) preferred.

Experience architecting solutions within Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), VMware NSX, Oracle etc.

Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes such as secure software development, Application Security, data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments.

Excellent interpersonal and communication skills required to partner with other leaders across IT & business functions.

Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.

Experience with enterprise applications (architecture, development, support, and troubleshooting).

Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.

Experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions.

Working knowledge of compliance frameworks and security management standards (e.g., ISO 27001, NIST CSF, CIS etc.)

Experience with enterprise architecture and working as part of a cross-functional team to implement solutions.

Competencies critical to the role

Demonstrate skills to achieve stated objectives.

Demonstrate communication skills to address different audiences.

Demonstrate self-starter with ability to gain required knowledge in dynamic environments and remain up to date on cutting-edge technologies.

Demonstrate teamwork & collaboration.

Demonstrate analytical, troubleshooting, and problem-solving skills.

Qualification

Bachelor’s Degree in a related area such as Computer Science or Information Technology or B. Tech

Preferred Industry

BFSI / NBFC /E-commerce/IT & ITES / Telecom