He /She shall be responsible for execution of various Information & Cyber Security controls and processes, daily security monitoring tasks and various weekly /monthly security controls & reporting activities(such as monitoring access logs and security violations, analyzing user access requests and conducting periodic access reviews, data collation /analysis & reporting, managing various security control books and procedural documentations etc.).
He /She shall be responsible for execution of controls related to Regulatory & Head Office guidelines and ensuring compliance to those, conducting investigations and reporting ofsecurity incidents. He/ She shall be involved in imparting security training and awareness sessions.
He /She shall be responsible to support the implementation of new security tools & technologies and/or new IT systems, and administer /operationalize such security tools including defining use-cases, creating control tasks, SOPs etc.
He /She shall be responsible for execution of various Security controls for the organization, and should be able to execute and improve the Security KRIs and appropriate reporting thereof.
He /She shall be responsible to perform IT Security Risk assessments of new & existing processes, projects and applications / infrastructure.
The incumbent shall be able to continuously analyse bank’s information /cyber security program, implementation & execution of defined controls, and work towards sustained compliance to those and improvement of the same.
Detailed understanding of IT Security and Infrastructure practices, operations, standards and frameworks.
Good working knowledge of performing IT Security risk assessments
Good working knowledge of SOC processes and related Security Monitoring Tools (such as SIEM, NBAD (Behavioral Anomaly detection), DAM etc).
Good working knowledge of Privileged Identity & Access Management (PIM/ PAM), related tools & controls.
Good understanding of NetworkSecurity and working knowledge of related Monitoring (such as Log analysis, Firewall reviews, IDPS alerts etc).
Good working knowledge in Vulnerability Assessments (VA /PT) and/or System Security Hardening and appropriate remediations.
Good working knowledge /understanding of Data Protection & Security, DLP, data encryption etc.
Good working knowledge of handling information/cyber security alerts & incidents (such as related to phishing, malware, cyber-frauds etc).
Ability to execute / implement Information Security Operations processes and perform daily / weekly /monthly security controls and tasks.
Good working knowledge of implementation of security tools and related administration /operationalization.
Fair understanding / Experience of working on Security Audits – would be preferred, but not mandatory.
Good working knowledge on MS Office tools like Excel, Powerpoint would be essential. Should be well versed with various functions and data handling techniques in Excel.
Ability to work on routine security activities as well complex technical security projects and initiatives.
Proven track record in IS processes execution and enhancements. Willing to quickly learn and adapt to new processes & environment.
C. Experience:
Around 5 to 8 years of progressive experience in the field of Information Security, including experience in either Cyber Security, Security Controls & Operations, CSIRT (Cyber Security Incident Response Team) or Privileged Identity & Access Management in a global environment. Experience in BFSI or Banking environment would be preferred, but not mandatory.
D. Qualifications:
Must have completed a Bachelor’s degree (preferably BE / B.Tech.). A Master’s degree in Information Systems will certainly be preferred.
Certification – Select the relevant Certifications from the list below :
Any one or more of the below or other similar security related certifications:
ISO 27001 Lead Implementer / Auditor
Lead Auditor Certified from Reputed ISO Certification Body (such as BSI)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Cloud Security related certifications such as CCSP or CCSK
