Job Title: AVP Cyber Security
Experience: 5-10 Years
Location: Mumbai
Role Summary:
- The AVP Cyber Security is a middle-management role responsible for maintaining the bank's cyber security posture, governance framework and regulatory compliance as the second line of defense.
- This position requires a self-motivated individual with deep expertise in the RBI Cybersecurity Framework, adept at performing risk assessments, monitoring Key Risk Indicators (KRIs), and driving the remediation of vulnerabilities and audit findings.
- The incumbent will collaborate across IT and Business units to ensure the effective implementation of Information & Cyber Security controls.
Key Accountabilities & Responsibilities:
Governance, Compliance & Control Assurance (2nd Line of Defense):
- Serve as an assurance function that assesses the design and operational effectiveness of Information and Cyber Security controls, fulfilling the second-line-of-defense role within the risk management framework.
- Collaborate with IT, Business and Support units to ensure the effective implementation of Information & Cyber Security controls in accordance with the group's security guidelines, industry standards (e.g. ISO 27001, NIST) and regulatory requirements (RBI Cybersecurity Framework).
- Ensure timely and complete compliance with all regulatory guidelines, advisories and circulars related to Information/Cyber security, and oversee and track the audit remediation plan for Technology.
- Review correctness & completeness of data compiled for various regulatory submissions (Info-Security) to ensure accuracy and integrity in filings.
Risk Assessment & Monitoring:
- Execute comprehensive cyber security risk assessments, proactively incorporating the latest technology developments (e.g. Public Cloud, APIs) and the emerging risks they introduce.
- Monitor Key Risk Indicators (KRIs) related to Cyber Security and Data protection on a periodic basis to assess and report the overall security posture and identify areas of heightened risk.
- Review Bank's Information Security & Cyber Security Policy documentation periodically to maintain relevance, robustness, and operational effectiveness in collaboration with the Security Operations Team & Business Risk Management Team.
Operational Oversight & Assurance:
- Conduct technical reviews of the effectiveness of the Data Loss Prevention (DLP) program and provide oversight of the timely investigation and closure of all DLP alerts.
- Review cyber security advisories and alerts (e.g. CISA, CERT-In) as a core component of the Bank's Vulnerability Management program, ensuring that remediation is tracked to closure in a timely manner.
- Review and test the effectiveness of the half-yearly technology and information-security Risk and Control Self-Assessment (RCSA) through validation and evidence inspection.
- Review cyber security controls for outsourced service providers (OSP) and provide risk sign-off for new product/process approvals (NPA), ensuring security-by-design.
Stakeholder Management & Reporting:
- Update Senior Management on cyber security issues, emerging risks, strategic projects, security incident response status and detailed risk mitigation plans.
- Keep Business & Technology stakeholders aware of key regulatory compliance requirements and the specific operational impact of emerging risks.
- Conduct Information Security Committee meetings on a quarterly basis and track all resulting action items to closure through the minutes of meeting (MoM).
- Attend operational risk forums (technology risk forums) to stay updated on areas of concern and provide expert advice as a Subject Matter Expert (SME).
Audit & Remediation:
- Support the internal and external audit process (including third-party auditors) and ensure the timely remediation of IS audit issues and the implementation of corrective actions.
- Evaluate the residual risks/deviation approvals sought by technology or business teams against security control standards, providing objective risk acceptance recommendations.
Security Culture & Advisory:
- Drive information security awareness among all staff and vendors through a continuous user awareness program on cyber security best practices.
- Maintain close working relationship with Technology teams as a trusted security advisor in technology initiatives and formal processes such as change management, incident management, patch management, security configuration, and vulnerability management.
- Guide the Security Operations team for the smooth and compliant implementation of Bank's Info-Sec policies and regulatory guidelines.
Required Technical Skills:
- RBI Cybersecurity Framework: Expert-level knowledge of the RBI Cybersecurity Framework and related circulars, with proven experience in compliance implementation and auditing within the Banking sector.
- Risk Assessment: Proven ability to perform complex cyber security risk assessments (e.g. threat modeling, quantitative risk analysis) and to manage a GRC tool environment.
- Controls Testing: Hands-on experience testing the effectiveness of technology controls (RCSA) and interpreting results from vulnerability management and penetration testing.
- Policy & Governance: Deep understanding of Information Security Policies, control frameworks, and their operationalization across IT environments.
- DLP & Vulnerability Management: Strong understanding of Data Loss Prevention programs and of the lifecycle of vulnerabilities and security advisories.
- Cyber Security Audits: Extensive experience coordinating, managing, and technically remediating findings from Cyber Security Audits (internal, external, and regulatory).
Preferred Skills:
- Professional certifications such as CISM, CISSP, CISA, or CRISC.
- Working knowledge of cloud security governance and architecture (e.g. Azure, AWS) and API security standards.