'%3e%3cpath d='M15.3069 13.1535H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3cpath d='M15.3069 8.15347H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3cpath d='M15.3069 3.30693H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath id='clip0_126_10407'%3e%3crect width='16' height='16' fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
Deputy Chief Information Security Officer - BFSI
MumbaiJob Description :
Primary Job Duties/Responsibilities :
The key job duties/responsibilities are enumerated below :
- Creating and implementing a strategy for the deployment of information security technologies and solutions to minimize the risk of cyber incidents.
- Preparing information security policy, cyber security policy and cyber crisis management plan.
- Driving and ensuring compliance to the extant regulatory instructions on information/ cyber security.
- Coordinating in assessing Business Impact Analysis of various IT assets and deriving respective RTO and RPO for each asset.
- Ensuring that current and emerging cyber threats to the financial sector and the Bank's preparedness in these aspects are discussed in ISC and other related Committees.
- Developing cyber security KRIs and KPIs.
- Placing a review of cyber security risks/ arrangements/ preparedness of the Bank before the Board/ Board level Committee on a quarterly basis.
- Spearheading implementation of security standards/ IT control frameworks (such as ISO 27001) for critical IT functions.
- Conducting Vulnerability Assessment/ Penetration Testing (VA/ PT) of the IT assets (applications, systems and infrastructure) throughout their lifecycle (pre-implementation, post implementation, after major changes, etc.)
- Managing the daily operation and implementation of the IT security strategy
- Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement
- Solving network related queries and problems satisfactorily, in a timely manner
- Direct significant effort into IT asset management, involving hardening, tagging, tracking, and auditing all IT assets.
- Developing strategies to handle security incidents and trigger investigation
- Delivering new security technology approaches and implementing next generation solutions
- Overseeing the management of the IT security department, giving leadership to the team, an developing staff capabilities
- Ensuring adherence to the latest regulations and compliance requirements
- Running security audits and risk assessments
- Developing, implementing and testing of business continuity plans
- Planning and executing periodic disaster recovery drills / simulation exercises in order to establish the adequacy of the Business Continuity Plan
- Periodically communicating updates relating to IT and cyber security to various stakeholders internally & externally; viz., Board of Directors, senior management team, team members, colleagues of other departments etc.
- Must work to integrate the security requirements with IT and business requirements
- Insure against cyber risks and protect the organization from potential liabilities to the extent possible
- Handling IT related compliance issues and ensuring that the organization follows rules and standards
- Software Development Lifecycle (SDLC) Audit and periodic Code Reviews to ensure that applications continue to be secure
- Information Security Audit of IT Systems and controls
- Issuing and periodic review of device hardening guidelines, patch management guidelines, antivirus / malware guidelines, User Access Management guidelines, privilege access management guidelines, end point management guidelines, connectivity guidelines for trading partners and external agencies, controls on mobile devices and wireless technology
- Developing and Implementation of scenario-based Incident response plans to deal with cyber
crisis, contingencies and disasters, attacks on IT systems etc.
- Escalating and reporting the incidents to the Board and Senior Management and pro-actively notify CERT-In and RBI regarding cyber security incidents, as per regulatory requirements.
- Ensuring security review of all applications / change requests before go-live / production release
- Preparing, maintaining and review of IS Policy
- Managing and monitoring SOC and drive cyber security related projects
- Maintain and monitor on regular basis the threat landscape of the Bank
- Ensuring conduct of periodic tests to evaluate the adequacy and effectiveness of security control measures
- Any other assignment as may be assigned from time to time
Didn’t find the job appropriate? Report this Job
'%3e %3cpath d='M24 48C37.2548 48 48 37.2548 48 24C48 10.7452 37.2548 0 24 0C10.7452 0 0 10.7452 0 24C0 37.2548 10.7452 48 24 48Z' fill='%23333333' fill-opacity='0.8'/%3e %3cpath fill-rule='evenodd' clip-rule='evenodd' d='M22.5299 19.0115V19.5849V29.0154V31.5316C22.5299 32.3403 23.1967 33 24.004 33C24.8114 33 25.4784 32.3358 25.4784 31.5316V29.0154V19.5849V19.013L29.4885 23.0077C30.0627 23.5795 31.0044 23.5743 31.5733 23.0077C32.1421 22.441 32.1423 21.4975 31.5735 20.9308L30.1054 19.4684C30.0891 19.4504 30.0724 19.4329 30.0551 19.4156L25.0837 14.4634L25.0479 14.4264C24.9234 14.3024 24.7807 14.2055 24.6281 14.1358L24.5952 14.1212C24.5751 14.1126 24.549 14.1022 24.5286 14.0946C24.0039 13.8983 23.3839 14.0068 22.9622 14.4268L22.9533 14.436L21.4743 15.9093C21.4615 15.9211 21.449 15.933 21.4367 15.9452L16.4286 20.934C15.8598 21.5008 15.8545 22.4389 16.4286 23.0108C17.0027 23.5826 17.9394 23.5827 18.5135 23.0109L20.0019 21.5283C20.0147 21.5164 20.0274 21.5043 20.0399 21.492L22.5299 19.0115ZM24.5952 14.1212C24.5751 14.1126 24.549 14.1022 24.5286 14.0946L24.5952 14.1212Z' fill='white'/%3e %3c/g%3e %3cdefs%3e %3cclipPath id='clip0_99_1825'%3e %3crect width='48' height='48' fill='white'/%3e %3c/clipPath%3e %3c/defs%3e%3c/svg%3e "Scroll Up"){kind=small}