AVP-Information Security

Date:  Apr 7, 2026
Location: India

Office Location:  New Delhi, India

Section 2 (A) : Scope and Dimension 
Guidance Notes 
•    Information /Cyber Security Manager for India branches
•    Individual Contributor role, with no people management responsibilities. 
•    To ensure timely compliance with all InfoSec /Cybersecurity related regulations / advisories /alerts, and manage any IS related regulatory /external /internal audits.  
•    To perform execution & supervision of various security controls and daily tasks 
•    Not a customer facing role, but regular interactions & collaboration required with internal departments such as IT and other dept end-users, and with Head Office /Regional Office stakeholders.


Section 2 (B) : Challenges 
Guidance Notes
•    Timely execution of various security controls with utmost quality.
•    Strict adherence to defined security policy and procedures and Regulatory requirements. 
•    Following the guidelines & work instructions well and ensuring no deviations.
•    To be able to learn quickly in an on-the-job training mode and understand the SMBC work culture well & adapt quickly.
•    Although the role has no people management responsibilities, the incumbent should be able to guide, mentor & review the work of less experienced staff within the team and get work done collaboratively with peers.

 

Section 3 : Job Responsibilities
•    The incumbent shall be responsible for managing, maintaining and enhancing the Information Security / Cyber Security Governance & IT Risk Mgmt., and Cyber Compliance posture of the Bank, maintenance of Information Security policies & Cyber security procedures and imparting of the policy education, training and awareness. 
•    He /She shall be responsible for implementing, monitoring and enhancing cyber security controls & processes to align to organization & regulatory requirements. Such controls /processes would include vulnerability management (VA/PT), security baseline reviews & configuration assessments, red teaming & social engineering tasks, monitoring security logs & alerts and managing incidents, amongst other tasks.
•    Responsible for execution of various regular & periodic Information /Cyber Security controls and processes, managing data confidentiality & security, conducting investigations and timely reporting & managing security incidents.  
•    Responsible to support the implementation of new security tools & technologies and/or new IT systems, and administer /operationalize such security tools including defining use-cases, creating control tasks, SOPs etc.
•    Ensure continuous availability, health, and performance of cybersecurity tools and platforms.
•    Perform configuration updates, policy tuning, rule optimization, and coverage expansion for security controls. Conduct periodic control effectiveness checks and identify gaps or optimization opportunities.
•    Collaborate with OEMs and service partners for upgrades, patches, and technical enhancements. Maintain SOPs, runbooks, inventories, diagrams, and process documentation.
•    He /She shall be responsible for execution of  IT /Cyber Security controls for the organization, and should be able to execute and improve the IT Security KRIs and appropriate reporting thereof. 
•    He /She shall be responsible to perform IT Security Risk assessments of new & existing processes, projects and applications / infrastructure.  
•    Shall be responsible to guide and collaborate with IT on risk mitigation measures, new & existing controls, security procedures, InfoSec / Cyber related regulatory guidelines and related compliance.
•    Shall be responsible for initiating and completing IT Security related projects (regulatory driven or otherwise).
•    The incumbent shall be able to continuously analyse the bank’s information /cyber security program and the implementation & execution of defined controls, and work towards sustained compliance with those controls and their improvement.

 


Section 6 : (a) Knowledge (b) Skills (c) Experience (d) Qualifications 

A & B. Knowledge & Skills:
•    Detailed understanding of IT Security and Infrastructure practices, operations, standards and frameworks. 
•    Should be well-versed with various cyber security directions /guidelines from regulatory bodies such as RBI, CERT-In amongst others.
•    Experienced in developing and implementing enterprise security governance, IT risk and compliance strategy and solutions
•    Should be well-versed in Information & Cyber security standards and frameworks such as NIST, ISO, OWASP, ITGC, IT Act etc.
•    Hands-on in managing Cyber Security, Data Confidentiality & Security, Customer Information Protection, Security controls and monitoring processes, and Incident response management.
•    Security project management and planning; Ability to deliver on complex regulatory / technical security projects and initiatives.
•    Good working knowledge of SOC processes and related Security Monitoring Tools (such as SIEM, NBAD (Behavioral Anomaly detection), DAM etc).
•    Good working knowledge of Privileged Identity & Access Management (PIM/ PAM), related tools & controls.
•    Good understanding of Network Security and working knowledge of related Monitoring (such as Log analysis, Firewall reviews, IDPS alerts etc).
•    Good knowledge of various IT & Cyber Compliance matters such as Vulnerability Management, System Security Baselines, Hardening reviews /Security Configuration Assessments,  Patching etc and appropriate remediations for the same.
•    Good working knowledge of handling information/cyber security alerts & incidents (such as related to phishing, malware, cyber-frauds etc). 
•    Good knowledge of performing IT Security risk assessments - risk identification, mitigation measures etc.
•    Good understanding and hands-on experience of handling external /regulatory & internal Audits especially related to Cyber security.
•    Good working knowledge of MS Office tools such as Excel and PowerPoint is essential. Should be well versed with various functions and data handling techniques in Excel.
•    Proven track record in IS processes execution and enhancements. 

C. Experience:
•    Around 10 years of progressive experience in the field of Information & Cyber Security, including experience in IT Security /Network Security and/or Cyber Risk Management and/or Cyber program management in a global banking environment. 
•    Experience in BFSI or Banking environment would be preferred, but not mandatory. 


D. Qualifications:
•    Must have completed a Bachelor’s degree (preferably BE / B.Tech.). A Master’s degree in Information Systems will be preferred.