Principal Consultant at Fortune HR Consultant
Head - IT Security & Risk - Bank (9-21 yrs)
Job Description :
The responsibilities of the Head of IT (Risk & Security) Operations are as follows.
The position will directly report to Chief Information Security Officer.
We seek qualified and certified candidates with the experience described below:
Core responsibilities include:
- Overall technology evaluation and selection to meet the agreed upon security architecture plan
- Management of IT Security systems and applications
- Application Security
- Management of Security staff and Security Operations Centre (SOC)
- Security and Business Continuity and Disaster Recovery Planning (BCDR)
- Authentication, identity and access management
- Perimeter, System, and Application Vulnerability Management
- Information Technology (IT) and Business Process risk management (financial systems, etc.)
- Computer Emergency Response Team / Computer Security Incident Response Team
- Knowledge of forensic investigations, digital forensics and eDiscovery
- Support risk assessment and its mitigation across IT Services
- Manage outsourced partners to ensure effective outsourced operations.
- Communication of situational status when security events occur.
DUTIES AND RESPONSIBILITIES:
IT Security Operations :
- Responsible for the Operational and Tactical leadership of the Bank's information security program.
- Work with the bank's leadership to oversee the formation and operation of a bank-wide information security operations function organized toward a common goal in information security, as required by the regulator.
- Promote collaborative, empowered working environments across the bank, removing barriers and realizing possibilities.
- Manage bank-wide information security governance processes, support the Information Security Advisory Committee and lead Information Security Operations Liaisons in the establishment of an information security program and project priorities.
- Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire bank, supporting the full suite of the bank's applications, information systems and technology.
- Establish annual and long-range security and compliance goals; define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvement.
- Stay abreast of information security issues and regulatory changes affecting banking operations, participate in discussions on regulatory requirements for security policy and practice, and communicate regularly with the Bank's leadership team about those topics.
- Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
- Perform special projects and other duties as assigned.
- Lead in the adoption and enforcement of Information Security policies, procedures and standards. Conduct and complete annual review of required RBI regulations and reports.
- Maintain the Bank's IT Department security policies together with the Chief Information Security Officer.
- Maintain the Bank's security procedures in the outsourced scenario, which include:
  - Evaluation of and compliance with security measures.
  - Disaster Recovery and emergency operating procedures.
  - Security incident response and process protocols, including incident reporting and sanctions.
  - Testing of security procedures, mechanisms and measures.
- Maintain appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and/or transmitted patient data and to protect against reasonably anticipated threats and hazards.
- Oversee and/or assist in performing on-going security monitoring of organization information systems.
- Ensure compliance through adequate training programs and periodic security audits. These audits should be both internal and external in nature.
IT Risk Management:
KEY PERFORMANCE AREAS (KPAs)
- Risk Identification, Assessment and Evaluation: Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy.
- Identify legal, regulatory and contractual requirements and Bank's policies and standards related to information systems to determine their potential impact on the business objectives.
- Identify potential threats and vulnerabilities for IT processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
- Create and maintain a risk register to ensure that all identified risk factors are accounted for.
- Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.
- Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.
- Correlate identified risk scenarios to relevant IT processes to assist in identifying risk ownership.
- Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment.
- Risk Response: Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with IT objectives.
- Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.
- Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
- Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements.
EDUCATION, CERTIFICATIONS AND/OR EXPERIENCE
- College degree in Technology (BE-IT) or its equivalent preferred.
- Certifications in CISM/CISSP/CISA will be considered an added advantage.