VP/AVP - Information Security

Role & responsibilities

Key highlights of the role are listed below (purely indicative and not limiting):

• Information security strategy both short term and long term.
• Lead in the development/adoption and enforcement of Information Security policies, procedures and standards.
• Conduct and complete an annual review of required PCIDSS, ISO 27001 regulations and certification.
• Conducting Application security and vulnerability check and monitor this as periodic activity.
• Conducting risk assessment and security reviews of new applications and initiatives and recommendation to mitigate risk.
• Conducting Risk assessment on URLs and Interfaces.
• Ensuring regulatory and non-regulatory compliance on IT Governance and Cyber Security within stipulated timelines
• Management of Cyber Security Operation Centre
• Develop Information security awareness training and education program, work with other BOBCARD department to ensure proper training material.
• Perform regular audits to ensure security practices are compliant.
• Set and implement user access controls and identity and access management systems.
• Monitor network and application performance to identify and irregular activity.
• Deploy endpoint detection and prevention tools to thwart malicious hacks.
• Set up patch management systems to update applications automatically.
• Implement comprehensive vulnerability management systems across all assets onpremises and in the cloud.
• Work with IT operations to set up a shared disaster recovery/business continuity plan.
• Set the access and authorization controls for everyday operations as well as emergency procedures for data.
• Work with HR and/or team leads to educate employees on how to identify suspicious activity.
• Ensure personnel only have access to the sensitive information for which they have appropriate authority and clearance.
• Ensure controls in place against unauthorized access to workstations and related equipment.
• Set the access and authorization controls for everyday operations as well as emergency procedures for data.

Applicants should possess the following attributes:

• PCIDSS Compliance, ISO 27001 Standard, Red Teaming, Vulnerability Management, Network VAPT, Application Security review, Cloud Configuration review.
• Cyber Security Governance / Management, Regulatory Compliance, Data Privacy and Data Security Laws and its implementation.
• Cyber Security Operations, exposure to security technologies like SIEM, VM, Forensics, UEBA, SOAR, TIP, DAM, Deception System, Anti APT etc.
• Exposure to technology risk assessments like cloud computing, IOT, SDN, client-server applications, multi-layered web applications, non-relational databases, firewalls, VPNs,IPS network and application security.
• Use of emerging technologies such as AI, ML, Block Chain, SDL, threat hunting, automation in cyber security