Senior Associate, Cyber/IT Security, Technology and Operations

As an Information Security Manager at the Bank, your role involves managing various aspects of Information Security to enhance threat detection and mitigation capabilities within the organization. Here is a breakdown of your responsibilities: **Role Overview:** You will be responsible for managing Information Security Internal & External Vulnerability Assessment, Penetration Testing, Application Security Assessment, Source code review follow-up, Wireless PT, ATM/POS security Assessment, Secure Configuration Review, and Vulnerability management domains. **Key Responsibilities:** - Manage periodic internal and external VA scanning for the bank's production systems - Analyze and report/present vulnerabilities to multiple stakeholders for remediation and prioritization - Maintain an intelligence network to discover reported exploits and zero-day vulnerabilities applicable to the Bank - Manage annual security testing program for existing and new production systems - Collaboratively work with Application Development/Security Mavens to follow Security gates set in the Organizations SDL - Coordinate with various internal teams for Application security initiatives and automation efforts - Evangelize application security within the firm and work with Application Development Security Mavens to incorporate new program direction into applications - Conduct presentations on application security topics for TRM and AD management - Provide regular status updates on all assigned tasks and deliverables - Maintain issue logs, track/follow up on problems, and mitigate risks by following established procedures **Qualifications Required:** - Overall 6+ years of experience in Information/Cyber Security - 4+ years of experience in vulnerability management and application security - Experience in managing a team of 5+ members - Work experience in BFSI sector is preferred - Graduation in BE IT/Computers/Electronics, B.Sc - Computers, M.Sc - Computers - Post-Graduation in PGDIT, MCA, MBA - Certifications like CISSP, CISM, SANS, OSCP/OSCE, and CREST are preferred In addition to the above, you should have excellent analytical and decision-making skills, effective communication, documentation, and report writing skills. You should also have the ability to consult and validate solutions to mitigate risks to business and systems. Please note that technical competencies in tools such as VAPT - Rapid7, Nessus, Metasploit, QualysGuard, Burpsuite, CI/CD tools, WAF, HIDS, IPS, Firewall, Networking are essential for this role.,