ISS:IS Security Officer

About Information Systems Security

Information Systems Security (ISS) team ensures that Cyber Security Risk and Threats are managed through an risk management framework comprising of Information Systems Security Policies, Standards and Guidelines The bank s Information Security and Cyber Security Policy and Standards based on various regulatory requirements / guidelines from RBI Gopal Krishna report, cyber security framework, NPCI, IT Act, MAS, HKMA, Aadhaar etc, International regulations and standards such MAS, HKMA, PCI-DSS etc The policies and standards approved by the Board of Directors encompassing independent identification, measurement and management of risks across the various businesses of the Bank All compliance related requirements emanating from various regulators and stipulations like legal, regulatory and other standards adopted by the bank are periodically communicated to various stakeholders by way of circulars, office notes, workshops, etc The bank has developed a comprehensive set of metrics like key performance indicators and key risk indicators for review by Business units, Subsidiaries and Top Management on a regular basis Quarterly monitoring and reviews are undertaken by the top management for review and necessary actionThe Security Officer serves as a subject matter expert for goverce and compliance frameworks and regulations, policy development, Identify and monitor non- compliance and escalate when appropriate, Act as the champion for achievement of GRC capabilities, Manage monthly, Quarterly Information Security KRI, Develop, implement, and manage policies specific to GRC capabilitiesDefining and implementing IT policies / IS Security PoliciesIdentify risks in the IT processesDefine controls and analyze implications of making process changesDraw up Risk Control MatricesPlan and conduct process audits within ITFacilitate issue resolution with the IS AuditorsEvaluate IT Security related productsUnderstand, implement, monitor and review of various regulatory / compliance frameworks like SOX, COBIT, ITIL, ISO 27001, ISO 22301, ISO 31000 Basel etcConduct training programmes on Information Security, Risk, compliance and regulatory aspectsAnalysis of various system generated reports, logs, audit reports and VAPT reportsQualificationsFirst class Graduate/Post Graduate in Science or Engineering from a reputed University with exposure to information systemsQualifications like CISA, CISM or CGEIT, CISSP, CEH, BCM, LA in ISO 27001, LA in ISO 22301 or any other recognized qualification in IT Risk Assessment will be preferredThorough knowledge and experience in networking along with certifications like CCNA will also be preferred7 to 9 Years of ExperienceExperience in:Identification, evaluation and documentation of process flows, risks and controlsInformation systems management, IT service management as well as process development and designIT Security - in areas like network security, remote access etcIT Goverce, IT Audits, Projects Execution, IT Planning, etcHandling various security products/solutions like DLP,Third party vendor assessmentPCI DSS implementationRole ProficienciesCurrent Information Technology management standards in the industry as a whole such as COBIT, ITIL, ISO 27001, ISO 31000, PCIDSS, RBI guidelines on Information Security and best practices in BFSIFormulating IT Goverce objectives and goals and developing effective techniques for deriving these objectives from IT initiativesGood understanding and working experience in IT Services management and use of maturity and process improvement models