SMBC - Head - Information Security

SMBC - Opportunity for Head - Information Security

Sumitomo Mitsui Banking Corporation is one of the largest Japanese banks in the world and serves customers in APAC, EMEA and Americas region. The bank is majorly involved in commercial banking activities. In India, the bank has launched its operations in March 2013 and is growing steadily since then. We are looking out to recruit dynamic people for the branch to aid the business expansion plan in the country.

SUMMARY :

He or She will be responsible to lead the Information Security Department for SMBC India including information security policy development and maintenance, design of security policy education, training, and awareness activities, monitoring compliance with RBI regulations and applicable laws, and coordinating investigation and reporting of security incidents. Working with the India Information Technology, Global IT and Security Teams, the incumbent will monitor, assess, and fine-tune the banks IT business continuity and disaster recovery program, perform network penetration tests, application vulnerability assessment scans and risk assessment reviews.

RESPONSIBILITIES :

1. To lead overall Information Security Program for SMBC India.

2. Develop and publish Information Security policies, procedures, standards and guidelines based on enterprise standards, RBI regulations, knowledge of best practices and compliance requirements.

3. Monitor and guide on information security issues related to the systems to ensure the internal security controls for the bank are appropriate and operating as intended.

4. Coordinate and execute IT security projects for the bank.

5. Coordinate response to information security incidents.

6. Conduct branch-wide inspections for data classification assessment and security audits and manage remediation plans.

7. Collaborate with Technology, the legal department, safety and security, and law enforcement agencies to manage security vulnerabilities.

8. Create, manage and maintain user security awareness program.

9. Conduct security research in keeping abreast of latest security issues and assessment of banks environment.

10. Prepares documentation, including department policies and procedures and periodic notifications.

11. Actively participate in the business change management and advise business functions about security and regulatory aspect.

12. Conduct Information Security Steering Committee meetings on periodic basis and update Management on Information Security Program as and when required

13. Carry out Vendor Risk Assessment on Periodic Basis

14. Oversee and Develop Business Continuity Plan for the Bank

15. To carry risk assessment for Branch Assets and Risk Control Self-Assessment

16. To monitor and ensure compliance against Local applicable regulations and Head Office guidelines

17. Perform other related duties as assigned by the CISO.

POSITION SPECIFICATIONS :

a. Qualification

1. University Graduate/Post Graduate/B.Tech Ideal

2. Should possess any one of these certifications CISA/CISM/CISSP

3. ISO 27001 2013 Lead Auditor or Lead Implementer Certified

4. Knowledge of BCP and IT Disaster Recovery Domain

b. Working Experience

1. 10+ years of progressive experience in computing and information security, including experience in Information Security, Information technology and service delivery in a global banking environment.

2. Proven ability to lead Technology Service delivery/IT Operations/Data Center Management.

3. Ability to deliver on complex technical projects and initiatives.

4. Experience with disaster recovery planning and oversight.

5. Detailed understanding of infrastructure practices, operations, standards, and frameworks.

6. Prior experience interfacing with senior management.

7. Understanding of ITIL Service Management Framework.

8. Proven track record in process and procedure development and execution.

9. Extended knowledge of IT Security and BCP concepts.

10. Good understanding of financial trading and operating environment.

11. Must be able to handle challenges/issues in a confident, positive and responsive manner.

12. Network protocols and network connectivity concepts, Firewall and Internet technologies.

13. Secure access control mechanisms; Encryption and Key Management techniques

14. To know how to define an action plan and to follow up on progress.

- To be organized and meticulous.

- Good communication, technical writing/diagramming skills.

- Must be motivated, and able to work independently as well as part of a team.

- Must demonstrate ethical responsibility, maturity, and discretion.

c. Special Skills Required

1. Security policy development and security education.

2. Vulnerability assessments, risk analysis and compliance testing experience.

3. Knowledge of information security standards (e.g., ISO 17799/27002, etc.)

4. IT Risk Assessment Concepts

5. CISM, CISSP or CISA Certification is a must

This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.