What s in it for YOU
- SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support mental and physical health of our employees
- Admirable work deserves to be rewarded. We have a well curated bouquet of rewards and recognition program for the employees
- Dynamic, Inclusive and Diverse team culture
- Gender Neutral Policy
- Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits
- Commitment to the overall development of an employee through comprehensive learning & development framework
Role Purpose
Threat & Vulnerability Management is one of high concern areas in order to prevent SBIC from any potential threat actor. This role is responsible for managing & maturing overall Application Security lifecycle starting from requirements gathering to decommissioning phase. This includes assuring compliance to RBIs requirement on Digital Application with activities such as Threat Modeling, Secure Application Architecture and Run-time security controls. This role also leverage expert knowledge of todays ever-changing cybersecurity and risk landscape to influence IT landscape across SBIC Card environment.
Role Accountability
Functional Areas:
- Provide technical expertise for information security policies and standards for Application Development throughout SDLC
- Maintaining current knowledge and understanding of the threat landscape and emerging security threats and vulnerabilities to build adequate solution
- Help SBIC IT Team build agile application development platforms rooted on flexible container-based platforms and aligned to agile development and CI/CD best practices
- Provide expertise in security tools for vulnerability assessment, penetration testing & application security
- Define security runtime products and development tooling migration strategy and guidelines for digital applications
- Ensures (web) applications, APIs, and cloud services are planned, designed, developed, implemented and monitored in accordance with security policies and to meet compliance requirements
- Perform regular status reviews with IT asset owners & senior leadership to ensure compliance with InfoSec policies and RBIs requirement on Digital Applications
- Participate in and support application security reviews and threat modeling, support security testing team for code review and dynamic testing.
- Industry analysis for latest security systems, standards, authentication protocols, security framework to guide development team to implement for new projects
- Facilitate and support the preparation of security releases.
- Support and consult with product and development teams in the area of application security.
- Assist in development of automated security testing to validate that secure coding best practices are being used.
- Manage & Mature Application Security Standard, Framework and related process
New Technology & Risks
- Evaluates and recommends tools and solutions that provide protection to SBIC application landscape
- Maintain contact with vendors regarding security system updates and technical support of security products
- Performs cost-benefit and risk analysis
- Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks
Vendor Management
- Maintain relationship with managed security services vendor leadership to ensure effective implementation and operation of security programs, ongoing support and deployment of competent resources
- Oversee the development, implementation and maintenance of vendor standard operating procedures/ run book in line with SBI Card policies & standards
- Provide technical & program management expertise and oversight over vendor teams
Stakeholder Management
This role requires strong skills to discuss technical & non-technical aspect with articulation of Risk to demonstrate requirement and drive mitigation of Vulnerability
- Internal Stakeholders: Information technology function including its vendor, Senior leaders like CISO & , DPO and other Business/functional leaders
- External Stakeholders: Vendor Team
Measures of Success
- Successful implementation/ adoption of any new solution, technology or framework as per regulatory and SBIC policy
- Successful delivery of security projects specifications within time and budget
- Secure delivery of workload protection and applications (enterprise, web and mobile app) hosted on-premise or on Cloud
- Reduction in attack surface and threat exposure for SBI Card IT platforms
- Consistently enhance the security posture to reduce overall risk to SBI Card
- No major observation in internal/external audit on security design for applications
Technical Skills / Experience / Certifications
- Deep knowledge and understanding of enterprise IT Systems, infrastructure, and security technologies.
- Knowledge of Information Security Standards like ISO 27001, PCI-DSS, NIST CSF, CSA framework etc.
- Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.).
- Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc.) preferred.
- Experience architecting solutions within Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), VMware NSX, Oracle etc.
- Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes such as secure software development, Application Security, data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments.
- Excellent interpersonal and communication skills required to partner with other leaders across IT & business functions.
- Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.
- Experience with enterprise applications (architecture, development, support, and troubleshooting).
- Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.
- Experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions.
- Working knowledge of compliance frameworks and security management standards (e.g., ISO 27001, NIST CSF, CIS etc.)
- Experience with enterprise architecture and working as part of a cross-functional team to implement solutions.
Competencies critical to the role
- Demonstrate skills to achieve stated objectives.
- Demonstrate communication skills to address different audiences.
- Demonstrate self-starter with ability to gain required knowledge in dynamic environments and remain up to date on cutting-edge technologies.
- Demonstrate teamwork & collaboration.
- Demonstrate analytical, troubleshooting, and problem-solving skills.
Qualification
Bachelor s Degree in a related area such as Computer Science or Information Technology or B. Tech
Preferred Industry
BFSI / NBFC /E-commerce/IT & ITES / Telecom
