Cybersecurity- Compliance & Governance

10 years

0 Lacs

Posted: 2 weeks ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Job Purpose

• RBI Returns, RBI-RBS Tranche, CSITE submissions
• RBI / CSITE and other regulatory audits
• Aadhaar Compliance and Internal Capital Adequacy Assessment Process (ICAAP) submissions
• Submissions for Information Security Committee (ISC), Risk Policy and Management Committee (RPMC), IT Apex Committee, IT Strategy Committee, Board meetings etc.
• IS, CS Compliance & Governance related activities
• Automation Initiatives

Job Responsibilities (JR) and Deliverables

RBI Returns, RBI-RBS Tranche, CSITE Submissions

1. Quarterly RBI / CSITE returns
2. Quarterly RBI-RBS Tranche submissions
3. Monthly CSITE submissions
4. Ad-hoc CSITE / RBI submissions
5. Incident reporting - RBI, CSITE, CERT-In etc.
6. Tracking and managing Digital Payment Security Controls (DPSC) related compliances.
7. Compliance towards the Advisories, Circulars and Alerts from RBI

Classification - Confidential

RBI / CSITE and other regulatory audits

1. Managing RBI / CSITE audits; timely collation and submission of compliances and tracking of open observations.
2. National Critical Information Infrastructure Protection Centre (NCIIPC) related requirements.
3. SEBI, NSDL, CDSL, NSE, and BSE related submissions.

Aadhaar Compliance and Internal Capital Adequacy Assessment Process (ICAAP) submissions

1. Address Aadhaar related project / process change requirements.
2. Completion of the Aadhaar audit as a mandatory requirement for UIDAI.
3. Tracking and monitoring the Aadhaar related observations for closure.
4. Quarterly ICAAP submissions.

Submissions for Information Security Committee (ISC), Risk Policy and Management Committee (RPMC), IT Apex Committee, IT Strategy Committee, Board meetings etc.

1. Convene and conduct Information Security Committee (ISC) meetings. Documentation and circulation / publication of the minutes of the meeting (MoM). Tracking and monitoring the actionables from the ISC meetings.
2. Timely submission of notes / presentation deck for Risk Policy and Management Committee (RPMC), IT Apex Committee, IT Strategy Committee, Board meetings etc. Tracking and monitoring the actionables from these meetings.

IS, CS Compliance & Governance related activities

1. Develop and periodically review information security policies, processes, standards and guidelines. Oversee the approval and publication of these documents.
2. Assist in preparing and managing the information security (IS) budget.
3. Drive and manage the awareness initiatives for the bank staff, Learning Management System (LMS) related course and content, Phishing Simulation (regulatory & internal) etc.
4. Assist in formulating InfoSec skill development & training strategy. Maintain relevant records.
5. Developing enterprise information security effectiveness criteria / metrics, including for IT security tools on endpoints, servers, network.
6. Publish monthly executive metrics summary to senior management in the bank.
7. Point of contact (SPOC) for IT Governance related activities, IT Governance, Risk and Compliance (ITGRC) system management.
8. Managing statutory, internal / external audits etc.
9. Management and execution of the annual ISG strategy.
10. IA observations: Effective tracking and monitoring of the observations from the internal audits. Interactions with the Internal Audit (IA) team for audit related activities.
11. Data localization compliance: Guide the business teams on the RBI advisory on data localization. Coordinate with the business teams for arranging and reviewing the System Audit Report (SAR), System Audit Report Certificate (SARC) and Board Resolution / Approval.
12. Compliance towards the requirements of international branches of the bank: Onsite Supervisory Assessment, half-yearly submission of VAPT report etc.

Automation Initiatives

1. Requisite guidance and implementation of automation initiatives.

Educational Qualifications

• Bachelor's Degree - IT / computers / electronics
• MBA-IT with Compliance Certifications like CISA, CISM, CISSP, COBIT etc.

Key Skills

• Risk management
• Communication
• Knowledge of ISO 27001 and 22301
• Knowledge of risk frameworks
• Working with regulators
• Knowledge of latest cybersecurity trends & industry best practices on information security in the financial industry.
• Working knowledge of security products
• Strong skills using Microsoft Office Suite (Word, Excel, PowerPoint) and collaboration tools like O365, Teams.

Experience Required

• Minimum experience in years: 12 to 15 yrs
• Minimum 10 years of experience in managing IT and Information Security compliance management or conducting Information Security / IT audits, handling network security and data center security design, governance and implementation.
• Exposure to banking preferable

Major Stakeholders

1. Information Technology (IT)
2. Compliance
3. Retail Branch Banking Unit (RBCU)
4. Administration
5. Operations Risk (OR)
6. Credit Intelligence & Control (CIC)
7. Other Business teams

HDFC Bank
