Posted By

Rachita

HR at Black Turtle

Last Login: 13 January 2022

2866

JOB VIEWS

49

APPLICATIONS

7

RECRUITER ACTIONS

Posted in

IT & Systems

Job Code

619144

Job Title: Manager

Reporting To: VP - Business Systems & Technology

Job Specification:


Parameters: Desired / Minimum

Age: 32+ / 29

Education: BE + MBA or Preferably BE / B. Tech / Graduate

Years of Experience: 9+ / 7

- Type of Experience: With at least 9+ years of progressive experience in IT with 7 years dedicated exposure in Information Security

- Certification in CEH, ECSA, Lead Auditor, CISM/CISA.

- Demonstrate knowledge of information security Standards and Frameworks

- With at least 7 years of progressive experience in IT with 6 years dedicated exposure in Information Security

- Lead Auditor certification. CISM / CISA preferred

Overall purpose of the Job

- This role would be responsible for identifying and implementing mitigation practices and controls, ensuring that an adequate application and infrastructure security posture is maintained at all times

- Web & Mobile Application Security Management 

- Good at application threat modeling and applications risk identification & remediation

- Strong web application security experience with a thorough understanding of web application vulnerabilities

- Knowledge of database, application, and web server design and implementation

- Familiarity with security standards / frameworks and groups (OWASP, OSSTMM, WASC, FISMA)

- Experience in dynamic and static application vulnerability scanners like HP WebInspect, IBM AppScan, HP Fortify, etc.

- Create, implement & review data protection strategy across the organization.

- Experience in client handling including interaction with developers for understanding the mitigations

- Experience on mobility platforms like PhoneGap / native Android / Worklight and MDM / MAM

- Knowledge of DevOps and other upcoming technologies used in SDLC

- Experience in manual verification of false positives reported by automated tools

- Devise and enforce standards and best practices for data protection in line with international standards and industry best practices.

- Evaluate the adequacy of security measures including network security to protect organizational data and information assets

Project Management and Vendor Management

- Define and implement projects as per the approved plan of action.

- Identify security solutions as per business needs

- Manage POC for agreed and approved solutions as per defined process

- Conduct partner reviews

- Coordinate with vendors / partners on closure of projects / activities

- Manage intra and inter department conflict amicably

IT Risk Management and Process Assurance:

- Benchmark and compare security practices with the industry

- Implementation, operation and maintenance of the Information Security Management System based on standards like ISO/IEC 27001, COBIT, ITIL, etc. as applicable.

- Information security risk assessments and controls selection activities

- Track all audit schedules and ensure closure of all security gaps.

- Reporting of all critical security issues

- Co-ordinate for Risk Assessment of IT systems and Third Party workloads

- Facilitate Internal process and IT audits

Audit and Compliance:

- Software license compliance at all times

- Implement tools and processes related to compliance monitoring as per internal security policies and applicable laws and regulations

- Facilitate and drive Internal Audit initiatives for Information Technology and update the Management on closure and identified risks

- Review of Third Party applications / systems and network security on a monthly basis

- Adherence To Change Management Processes

Personal Attributes - Honest and Self Disciplined:

- Display Business Integrity & Ethics

- Displays Leadership and team building skills

- Displays Logical thinking for problem evaluation and solving
