Job Purpose:
To handle technical information security aspects of the NBFC, including handling information security tools, application security testing, infrastructure security testing, technical security compliance and cloud security controls. The role defines, implements and monitors security controls for the IT assets of the organization.
- Third-party Risk Management: Review the risk assessments of third-party vendors, ensuring compliance with security standards and mitigating potential threats.
- Application Security Testing: Review of technical assessments (code review, application security & vulnerability assessment) of partner & internal infrastructure.
- Data Security: Review of the Access controls, Encryption, and Data Loss Prevention (DLP) controls to safeguard confidential data. Review of the security controls implemented for cloud environments and services.
- Internal & External Regulatory Audits & Compliance: Lead internal and external regulatory audits to assess the effectiveness of security controls and vulnerability assessments, ensuring compliance with relevant standards and regulations. Organize Information Security Committee (ISC) meetings with Senior Management.
- Information Security Awareness & Emergency Response: Ensure Information Security awareness for all employees and vendor staff. Conduct tabletop exercises to discuss various business disruption scenarios for Senior Management.
- Security Operations Centre (SOC) monitoring: Monitoring & closure of the security alerts observed by the centralized SOC & vulnerabilities observed in the infrastructure & networks. Brand protection & Dark web alerts monitoring & closure.
- Security tools implementation & monitoring: Security Architecture review, Network review, Implementation, monitoring & support of various security tools (PAM, Guardicore, DAM, DLP, EDR, VAPT etc.) as per the organizational requirements.
KRA:
- Vendor Risk Assessment: Creating audit checklists, training & implementing tools to ensure third-party assessments are done.
- Data & Cloud Security: Implementing security solutions for the monitoring of the networks.
- ISMS & BCMS: Creating & implementing information security policies and process documents as required.
- Regulatory Audits & Compliance: Ensure compliance checks for regulatory requirements are done.
- Information Security Awareness: Creating training & awareness modules for all employees and vendor staff.
- SOC Monitoring: Provide training for monitoring various SOC alerts.
- Security Tools Implementation & Monitoring: Implementation of various security tools as per the organizational requirements.