SMBC - Manager - Information Security (8-15 yrs)
The incumbent shall be responsible for the maintenance of Information Security policies & procedures and imparting of the policy education, training and awareness. He /She shall be responsible for execution of various Information Security controls and processes, monitoring compliance with the regulatory and organizational regulations, conducting investigations and reporting of security incidents. He /She would be responsible to perform IT Security Risk assessments, review & implementation of new IT Security tools & technologies, and to continuously evaluate the banks information security program and work toward continuous improvement of the same.
The incumbent shall also be responsible for managing the Business Continuity Planning & Disaster Recovery Drills for the organization. He /She shall be responsible for the enhancement & maintenance of BCP / DR policies & procedures; Identification of Critical Business & IT Assets, working with the business stakeholders to perform Business Impact Analysis (BIA) processes, reviewing Recovery Procedures.
- 8+ years of progressive experience in the field of Information & Cyber Security, including experience in Data security, IT Security, Network Security and IT Risk Management in a global banking environment
- Ability to lead Information Security Operations, and Drive execution of Controls and Processes.
- Ability to deliver on complex technical security projects and initiatives
- Detailed understanding of IT Security and Infrastructure practices, operations, standards and frameworks
- Proven track record in IS processes development, execution and enhancements.
- Expertise in performing and leading IT Security risk assessments.
- Expert knowledge in Vulnerability Assessments (VA /PT), System Security Hardening and appropriate remediations.
Experience in managing Audits dealing with both internal & external auditors. (and preferably with regulators).
- Good knowledge on BCP and DR processes. Knowledge of performing BIAs would be preferred but not mandatory.
- Others: Information & Cyber Security Incident mgmt. skills, IT Risk Assessment skills, BCP /DR planning, execution and management.
Bachelors / Masters
Others - ISO270001 L.I /CISA /CISM /CISSP (preferred)