Technology Project Manager - VAPT

JOB PURPOSE

Summarise briefly, the purpose of the role

- The Technology Project Manager will play a central role in the bank for Managed VAPT programs, Application Security Vulnerability Mitigation and drive the closure of reported vulnerabilities.

- Ensuring contemporary technology and security in the bank's ecosystem including network and application security, infrastructure hardening, security baselines, web server, and database security.

- Understanding business requirements, designing and then guiding the deployment and integration of banking solutions are secondary responsibilities which go hand in hand with the vulnerability mitigation.

- The Technology Project Manager will work with the internal and external stakeholders from vulnerability identification stage through fix implementation in production environment to ensure the security posture of the Bank is maintained as per the defined standards.

PRINCIPLE ACCOUNTABILITIES

List the expected end results that must be achieved in order to fulfil the job purpose and the activities that help in achieving these results.

EXPECTED END RESULTS MAJOR ACTIVITIES

Involvement in Security Assessment and Testing.

- Closely work with Information Security Group while publishing new true positive & valid vulnerabilities.

- Identifying false positive vulnerabilities from the scan report prepared by Information Security Group

- Validate and test effectiveness of compensating controls and implement as applicable.

- Providing relevant information for Internal & external Audits.

Involvement in the solutioning activities

- Providing Application Vulnerability Remediation, Data Security solutions, Implementing cyber security solutions

- Assess and mitigate vulnerabilities of security architectures, designs, and solution elements in Web-based systems, Database security and Distributed systems.

Perform Due Care - Periodic reporting of Vulnerability Assessment and Application Security Assessment status to all Sr. Management & Stakeholders.

- Participate in ongoing IT Security measurements and reporting for senior management review.

- Assist in coordinating contingency plan tests on a regular basis.

- Perform Due Diligence

- Implement Risk Management concepts like Identifying threats and vulnerabilities, Risk assessment/analysis, Countermeasure selection, Control assessment, Monitoring.

- Determine and ensure implementation of data security controls for data at rest and data in transit