21/01 Rahul R
Principal Consultant at Fortune HR Consultant

Views: 10849 Applications: 379 Recruiter Actions: 198

Head - IT Security & Risk - Bank (9-21 yrs)

Bangalore Job Code: 788147

Job Description :

The responsibilities of the Head IT (Risk & Security) Operations are as follows.

The position will directly report to Chief Information Security Officer.

We seek any qualified and certified persons who have experience as described below:

Core responsibilities include:

- Overall technology evaluation and selection to meet the agreed upon security architecture plan

- Management of IT Security systems and applications

- Application Security

- Management of Security staff and Security Operations Centre (SOC)

- Security and Business Continuity and Disaster Recovery Planning (BCDR)

- Authentication, identity and access management

- Perimeter, System, and Application Vulnerability Management

- Information Technology (IT) and Business Process risk management (financial systems, etc)

- Computer Emergency Response Team / Computer Security Incident Response Team

- Knowledge on forensic investigations, digital forensics, eDiscovery

- Support risk assessment and its mitigation across IT Services

- Manage Outsourced Partners towards effectiveness in Outsourced Operations.

- Communications of situational status when security events occur.

DUTIES AND RESPONSIBILITIES:

IT Security Operations :

- Responsible for the Operational and Tactical leadership of the Bank's information security program.

- Work with the bank's leadership to oversee the formation and operation of Bank-wide information security operations organized toward a common goal in information security, as desired by the regulator.

- Promote collaborative, empowered working environments across bank, removing barriers and realizing possibilities.

- Manage bank-wide information security governance processes, support the Information Security Advisory Committee and lead Information Security Operations Liaisons in the establishment of an information security program and project priorities.

- Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire bank, in support of the bank's entire suite of applications, information systems and technology.

- Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.

- Stay abreast of information security issues and regulatory changes affecting banking operations, participate in discussions of regulatory requirements on security policy and practice, and communicate with the Bank's Leadership team on a regular basis about those topics.

- Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.

- Perform special projects and other duties as assigned.

- Lead in the adoption and enforcement of Information Security policies, procedures and standards. Conduct and complete annual review of required RBI regulations and reports.

- Maintain the Bank's Security Policies on behalf of the IT Department, along with the Chief Information Security Officer.

- Maintain the Bank's Security Procedures in the outsourced scenario that include:

- Evaluation and compliance with security measures.

- Disaster Recovery and Emergency operating procedures.

- Security Incident Response and process protocols including Incident Reporting and Sanctions.

- Testing of security procedures, mechanisms and measures.

- Maintain appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted patient data and protect against reasonably anticipated threats and hazards.

- Oversee and/or assist in performing on-going security monitoring of organization information systems.

- Ensure compliance through adequate training programs and periodic security audits. These audits should be both internal and external in nature.

IT Risk Management:

- Risk Identification, Assessment and Evaluation (Key Performance Areas, KPAs): Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy.

- Identify legal, regulatory and contractual requirements and Bank's policies and standards related to information systems to determine their potential impact on the business objectives.

- Identify potential threats and vulnerabilities for IT processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.

- Create and maintain a risk register to ensure that all identified risk factors are accounted for.

- Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.

- Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.

- Correlate identified risk scenarios to relevant IT processes to assist in identifying risk ownership.

- Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment.

- Risk Response: Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with IT objectives.

- Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.

- Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.

- Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements.

EDUCATION, CERTIFICATIONS AND/OR EXPERIENCE

- College degree in Technology (BE-IT) or its equivalent preferred.

- Certifications in CISM/CISSP/CISA will be considered as value addition.

This job opening was posted a long time ago. It may no longer be active, but it has not been removed by the recruiter. Please use your discretion.

Women-friendly workplace:

Maternity and Paternity Benefits
