08/01 Rahul R
Principal Consultant at Fortune HR Consultant


Head - IT Security & Risk - Bank (9-21 yrs)

Bangalore Job Code: 783040

Job Description :

The responsibilities of the Head IT (Risk & Security) Operations are as follows.

The position will report directly to the Chief Information Security Officer.

We seek any qualified and certified persons who have experience as described below:

Core responsibilities include:

- Overall technology evaluation and selection to meet the agreed upon security architecture plan

- Management of IT Security systems and applications

- Application Security

- Management of Security staff and Security Operations Centre (SOC)

- Security and Business Continuity and Disaster Recovery Planning (BCDR)

- Authentication, identity and access management

- Perimeter, System, and Application Vulnerability Management

- Information Technology (IT) and Business Process risk management (financial systems, etc)

- Computer Emergency Response Team / Computer Security Incident Response Team

- Knowledge on forensic investigations, digital forensics, eDiscovery

- Support risk assessment and its mitigation across IT Services

- Manage Outsourced Partners towards effectiveness in Outsourced Operations.

- Communications of situational status when security events occur.


IT Security Operations :

- Responsible for the Operational and Tactical leadership of the Bank's information security program.

- Work with the bank's leadership to oversee the formation and operation of a Bank-wide information security operations function that is organized toward a common goal in information security as desired by the regulator.

- Promote collaborative, empowered working environments across bank, removing barriers and realizing possibilities.

- Manage bank-wide information security governance processes, support the Information Security Advisory Committee and lead Information Security Operations Liaisons in the establishment of an information security program and project priorities.

- Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire bank in support of the entire suite of the bank's applications, information systems and technology.

- Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.

- Stay abreast of information security issues and regulatory changes affecting banking operations, participate in discussions on regulatory requirements for security policy and practice, and communicate with the Bank's Leadership team on a regular basis about those topics.

- Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.

- Perform special projects and other duties as assigned.

- Lead in the adoption and enforcement of Information Security policies, procedures and standards. Conduct and complete annual review of required RBI regulations and reports.

- Maintain the Bank's Security Policies on behalf of the IT Department, along with the Chief Information Security Officer.

- Maintain the Bank's Security Procedures in the outsourced scenario that include:

- Evaluation and compliance with security measures.

- Disaster Recovery and Emergency operating procedures.

- Security Incident Response and process protocols including Incident Reporting and Sanctions.

- Testing of security procedures, mechanisms and measures.

- Maintain appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and/or transmitted patient data and protect against reasonably anticipated threats and hazards.

- Oversee and/or assist in performing on-going security monitoring of organization information systems.

- Ensure compliance through adequate training programs and periodic security audits. These audits should be both internal and external in nature.

IT Risk Management:

- Risk Identification, Assessment and Evaluation (Key Performance Areas, KPAs): Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy.

- Identify legal, regulatory and contractual requirements and Bank's policies and standards related to information systems to determine their potential impact on the business objectives.

- Identify potential threats and vulnerabilities for IT processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.

- Create and maintain a risk register to ensure that all identified risk factors are accounted for.

- Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.

- Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.

- Correlate identified risk scenarios to relevant IT processes to assist in identifying risk ownership.

- Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment.

- Risk Response: Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with IT objectives.

- Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.

- Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.

- Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements.


- College degree in Technology (BE-IT) or its equivalent preferred.

- Certifications in CISM/CISSP/CISA will be considered as value addition.

Women-friendly workplace:

Maternity and Paternity Benefits
