SBI - Chief Information Security Officer

Recruitment Of Specialist Cadre Officer On Contractual Basis

Advertisement No : CRPD/SCO-CISO/2021-22/23

Online Registration Of Application : FROM 19.12.2021 TO 08.01.2022

State Bank of India invites Online applications from Indian citizens for appointment of Chief Information Security Officer. Candidates are requested to apply Online through the link given on Banks website https://bank.sbi/web/careers or https://www.sbi.co.in/web/careers

Candidates are advised to check Bank's website https://bank.sbi/web/careers or https://www.sbi.co.in/web/careers regularly for details and updates (including the list of shortlisted/ qualified candidates).

Post : Chief Information Security Officer

Nature of Engagement : Contractual #

Grade (Comparable Grade Scale) : TEGSS-I (i.e., CGM)

Vacancy :

GENERAL/TOTAL : 1

Age as on 01.12.2021

Maximum : 57

Selection Process : Shortlisting, Interview and CTC Negotiation

Suggested place of posting : Mumbai

Abbreviations: TEGSS: Top Executive Grade Special Scale, CGM: Chief General Manager

# Contract period: 3 years. May be renewed for further period of 2 years with the discretion of the Bank at mutually agreed terms and conditions (Total engagement period should not exceed 5 years). The contract can be terminated from either side by giving 3 months advance notice.

DETAILS OF EDUCATIONAL QUALIFICATION, EXPERIENCE :

Educational Qualifications :

Basic Qualifications:

- Engineering Graduate/ Post-Graduate in related field such as Computer Science, IT, Electronics and Communications or a Cyber Security related field or MCA or equivalent qualification from recognized University.

Professional Qualifications (Preferred):

- Certified Information Systems Security Professional (CISSP) /Certified Information Security Manager (CISM)/

Certified Chief Information Security Officer (CCISO) / Certified Information Systems Auditor (CISA)

Experience (Post Basic qualifications) (As on 01.12.2021) :

15 years in overseeing financial operations, preferably financial information security matters in Banks/ Large Corporates/ PSUs/ FIs/ Financial Services Organizations, of which 10 years should be in core domain area of Information Security in Banks/ FIs (out of 10 years in Banks/ FIs, 5 years should be at Senior Management Level).

Specific skills required: As per the job profile:

JOB PROFILE AND KRA:

Job Profile (Detail description of Role, Responsibilities and Functions) :

CISO is responsible for :

1. Bringing to the notice of Board/IT sub-committee of the Board about the vulnerabilities and cyber security risk, the Bank is exposed to.

2. As member secretary of Information Security and/or related committee(s), if any, may ensure inter alia, current/emerging cyber threats to banking (including payment systems) sector and the Banks preparedness in these aspects are invariably discussed in such committee(s).

3. Managing and monitoring SOC and drive cyber security related projects.

4. Maintaining and update a threat landscape for the organization on a regular basis.

5. Ensuring that periodic tests are conducted to evaluate the adequacy and effectiveness of technical security control measures, especially after each significant change to the IT applications/ systems/ networks as well as after any major incident.

MEASURES OF SUCCESS:

- IS requirements are identified and addressed in a timely manner.

- IS responsibilities are effectively communicated to all role holders.

- Risk mitigation measures are appropriate and in line with global best practices.

KRAs for the post:

- To create, maintain and disseminate information security strategy, plans and policies to ensure high information assurance within the Bank and meet legal, statutory and regulatory requirements in Information Security.

- To obtain top management approval on IS security plan, budget, resources and provide ongoing support for Information Security activities.

- To ensure that, when exceptions/ deviations/ non-adherence to the IS Security are proposed by the Application Owner, the risk assessment process is completed, and appropriate recommendations are put up to DMD & CIO.

- To define security violations and support investigative processes.

- To brief Top Management on information security initiatives undertaken, information security status across the Bank, compliance against Banks Information Security Policies and regulatory requirements.

- To direct Information Security Incident Response Management.

- To oversee the development of Information Security Awareness training programmes and promote security culture in the Bank.

- To stay informed about global best practices and latest developments in the field of information security including technology, management practices and regulatory requirements.

- To represent the Bank in the area of information security at industry standards committee, technical conferences and regulatory bodies.

The apply button will redirect you to an external URL, please apply there.