Job Description
Job Purpose
Information security team member (with skip-level reporting to the CISO) who is proficient in maintaining and managing source code security and the SBoM (Software Bill of Materials); information security tool management and governance; understanding of regulatory requirements; driving information security projects and monitoring Key Risk Indicators (KRIs) for software security.
Duties and Responsibilities
Minimum required accountabilities for this role
1. Secure Code Review and Vulnerability Remediation
Perform and drive regular secure code reviews for web, Android, and iOS applications to proactively identify security weaknesses.
Provide actionable remediation guidance and ensure timely tracking and closure of identified code vulnerabilities.
2. SBOM Compliance and Regulatory Alignment
Ensure the organization's Software Bill of Materials (SBOM) is accurate and compliant with industry and government regulatory standards.
Support audits and compliance efforts by maintaining evidence of SBOM integrity and traceability.
3. Cross-Functional Engagement
Work closely with technology teams, business units, and external partners to drive resolution of security issues within defined SLAs.
Facilitate communication of security findings and timelines to non-technical stakeholders.
4. Security Dashboards and Reporting
Design and maintain security scorecards and dashboards that provide clear visibility into vulnerability status, remediation progress, and risk trends.
Present findings and metrics to leadership to support informed decision-making.
5. Enterprise Threat and Vulnerability Management
Continuously track, prioritize, and communicate security threats and vulnerabilities affecting the organization.
Stay updated on emerging threats and coordinate with relevant teams for timely mitigation.
Additional accountabilities pertaining to the role
Develop and maintain secure coding standards and policies.
Collaborate with developers and IT teams to ensure adherence to secure coding practices.
Discover and mitigate cyber risks and exploitable vulnerabilities in internet-facing apps/assets.
Work with partners in carrying out comprehensive VAPT assessments.
Ethical hacking and performing VAPT activity.
Security of the latest technologies: APIs, microservices, RPA, IoT, etc.
Maintain compliance as per the organization's compliance policy.
Highlight risks and mitigation plans.
Responsible for reports and technical documentation.
Should be capable of guiding the team/individuals on a requirement basis.
Communicate effectively with stakeholders and cross-functional teams.
Strong troubleshooting, analytical, and communication skills.
Good attitude towards the corporate environment.
Team player and mentor to the team.
Key Decisions / Dimensions
Identification of the right mitigation for secure code.
Review the observation and suggest alternate code fixes if the primary fix is not feasible.
Discuss observation responses as applicable and improve security controls. Face applicable audits.
Major Challenges
Handling multiple stakeholders at a time
Reviewing and validating issues identified in SAST
Coordination with third party consultants who assist in auditing and compliance initiatives
Required Qualifications and Experience
a) Qualifications
Engineering graduate with 3-5 years of total experience in DevSecOps or related application security roles.
b) Work Experience
Hands-on experience as a Security Champion or in a similar cross-functional role, actively performing source code reviews.
Strong expertise in Software Bill of Materials (SBOM) management and a good understanding of third-party dependency risks are essential.
Familiarity with security tools such as GHAS (GitHub Advanced Security), Checkmarx, Burp Suite, OWASP ZAP, etc.
Strong understanding of the OWASP Top 10, secure coding practices, and security testing methods.
Solid programming knowledge in languages such as Java, Python, Flutter, JavaScript, C#, or Go.
Experience with CI/CD environments and integrating security tools into pipelines.
Sound knowledge of IT infrastructure, information security concepts, and regulatory guidelines related to IT and cyber for NBFCs.
Positive attitude, hard worker, and team player.
Excellent communication and leadership skills.
Certifications such as CEH (Ethical Hacking), Azure/AWS Security, or application penetration testing would be an added advantage.