'%3e%3cpath d='M15.3069 13.1535H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3cpath d='M15.3069 8.15347H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3cpath d='M15.3069 3.30693H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath id='clip0_126_10407'%3e%3crect width='16' height='16' fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
Head - IT Security & Risk - Bank
BangaloreJob Description :
The Head IT (Risk & Security) Operations is responsible is as follows.
The position will directly report to Chief Information Security Officer.
We seek any qualified and certified persons who have experience as described below:
Core responsibilities include:
- Overall technology evaluation and selection to meet the agreed upon security architecture plan
- Management of IT Security systems and applications
- Application Security
- Management of Security staff and Security Operations Centre (SOC)
- Security and Business Continuity and Disaster Recovery Planning (BCDR)
- Authentication, identity and access management
- Perimeter, System, and Application Vulnerability Management
- Information Technology (IT) and Business Process risk management (financial systems, etc)
- Computer Emergency Response Team / Computer Security Incident Response Team
- Knowledge on forensic investigations, digital forensics, eDiscovery
- Support risk assessment and its mitigation across IT Services
- Manage Outsourced Partners towards effectiveness in Outsourced Operations.
- Communications of situational status when security events occur.
DUTIES AND RESPONSIBILITIES:
IT Security Operations :
- Responsible for the Operational and Tactical leadership of the Bank's information security program.
- Work withbank's leadership to oversee the formation and operations of a Bank-wide information security operations that is organized toward a common goal in information security as desired by regulator.
- Promote collaborative, empowered working environments across bank, removing barriers and realizing possibilities.
- Manage bank-wide information security governance processes, support the Information Security Advisory Committee and lead Information Security Operations Liaisons in the establishment of an information security program and project priorities.
- Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire bank in support of an entire suite of bank's application &information systems and technology.
- Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
- Stay abreast of information security issues and regulatory changes affecting banking operations, participate regulatory requirements on security policy and practice discussions, and communicate to Bank's Leadership team on a regular basis about those topics.
- Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
- Perform special projects and other duties as assigned.
- Lead in the adoption and enforcement of Information Security policies, procedures and standards. Conduct and complete annual review of required RBI regulations and reports.
- Maintain the Bank's Security Policies from IT Department per se along with Chief Information Security Officer.
- Maintain the Bank's Security Procedures in the outsourced scenario that include:
- Evaluation and compliance with security measures.
- Disaster Recovery and Emergency operating procedures.
- Security Incident Response and process protocols including Incident Reporting and Sanctions.
- Testing of security procedures, mechanisms and measures.
- Maintain appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted patient data and protect against reasonably anticipated threats and hazards.
- Oversee and/or assist in performing on-going security monitoring of organization information systems.
- Ensure compliance through adequate training programs and periodic security audits. These audits should be both internal and external in nature.
IT Risk Management:
- Risk Identification, Assessment and Evaluation KEY PERFORMANCE AREAS (KPA- S) Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy.
- Identify legal, regulatory and contractual requirements and Bank's policies and standards related to information systems to determine their potential impact on the business objectives.
- Identify potential threats and vulnerabilities for IT processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
- Create and maintain a risk register to ensure that all identified risk factors are accounted for.
- Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.
- Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.
- Correlate identified risk scenarios to relevant IT processes to assist in identifying risk ownership.
- Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment
- Risk Response Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with IT objectives.
- Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.
- Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
- Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements.
EDUCATION, CERTIFICATIONS AND/OR EXPERIENCE
- College degree in Technology (BE-IT) or its equivalent preferred.
- Certifications in CISM/CISSP/CISA will be considered as value addition.
Didn’t find the job appropriate? Report this Job
'%3e %3cpath d='M24 48C37.2548 48 48 37.2548 48 24C48 10.7452 37.2548 0 24 0C10.7452 0 0 10.7452 0 24C0 37.2548 10.7452 48 24 48Z' fill='%23333333' fill-opacity='0.8'/%3e %3cpath fill-rule='evenodd' clip-rule='evenodd' d='M22.5299 19.0115V19.5849V29.0154V31.5316C22.5299 32.3403 23.1967 33 24.004 33C24.8114 33 25.4784 32.3358 25.4784 31.5316V29.0154V19.5849V19.013L29.4885 23.0077C30.0627 23.5795 31.0044 23.5743 31.5733 23.0077C32.1421 22.441 32.1423 21.4975 31.5735 20.9308L30.1054 19.4684C30.0891 19.4504 30.0724 19.4329 30.0551 19.4156L25.0837 14.4634L25.0479 14.4264C24.9234 14.3024 24.7807 14.2055 24.6281 14.1358L24.5952 14.1212C24.5751 14.1126 24.549 14.1022 24.5286 14.0946C24.0039 13.8983 23.3839 14.0068 22.9622 14.4268L22.9533 14.436L21.4743 15.9093C21.4615 15.9211 21.449 15.933 21.4367 15.9452L16.4286 20.934C15.8598 21.5008 15.8545 22.4389 16.4286 23.0108C17.0027 23.5826 17.9394 23.5827 18.5135 23.0109L20.0019 21.5283C20.0147 21.5164 20.0274 21.5043 20.0399 21.492L22.5299 19.0115ZM24.5952 14.1212C24.5751 14.1126 24.549 14.1022 24.5286 14.0946L24.5952 14.1212Z' fill='white'/%3e %3c/g%3e %3cdefs%3e %3cclipPath id='clip0_99_1825'%3e %3crect width='48' height='48' fill='white'/%3e %3c/clipPath%3e %3c/defs%3e%3c/svg%3e "Scroll Up"){kind=small}