JOB DESCRIPTION
Key Accountabilities:
The role will:
- Collaborate with IT, Business & Support units for effective implementation of Information & Cyber Security controls in accordance with the group's security guidelines, industry standards & regulatory requirements.
- Perform Cyber Security risk assessment & monitor Key risk indicators related to Cyber Security/Data protection
- Review Bank's Information Security & Cyber Security Policy as per changing security landscape & review its operational effectiveness in co-ordination with Security Operations Team & Business Risk Management Team
- Ensure compliance with regulatory guidelines w.r.t. Cyber Security & Audit's remediation plan for Technology
- Assess Design & Operational effectiveness of Information-Cyber Security Controls as an effective 2nd line of defense.
- Update Senior Management on Cyber Security issues, emerging risks, projects, incidents & risk mitigation plans.
Job Duties & Responsibilities:
- Perform cyber security risk assessments, keeping up to date with the latest technology developments & underlying risks
- Periodic review of Information Security and Cyber Security Policy of the Bank to keep it relevant & robust
- Review the effectiveness of the Bank's data loss protection program & oversee timely closure of DLP alerts
- Ensure timely compliance with all regulatory guidelines/advisories/circulars related to Information/Cyber security
- Review correctness & completeness of data compiled for various regulatory submissions w.r.t. Info-Security
- Keep Business & Technology stakeholders aware of key regulatory compliance requirements & emerging risks
- Review Information/Cyber Security KRIs (key risk indicators/metrics) on a periodic basis to assess security posture
- Assist in Internal & External Audit process & ensure timely remediation of IS Audit issues & corrective actions
- Review Cyber security advisories/alerts as part of the Bank's Vulnerability Management program for remediation
- Analyze trends & changes in the cyber threat landscape in evolving technology areas (e.g. Public Cloud, APIs etc.)
- Review (testing the effectiveness of) the half-yearly technology & info-security risk & control self-assessment (RCSA)
- Evaluate the residual risks/deviation approvals sought by technology or business teams vis-à-vis security controls
- Conduct Information Security Committee meetings on a quarterly basis & track the resulting action items via MoM
- Review cyber security controls for outsourced service providers (OSP) & new product/process approvals (NPA)
- Drive information security awareness amongst all staff/vendors via user awareness program on Cyber security
- Maintain a close working relationship with Technology teams as a trusted security advisor in technology initiatives & processes such as change management, incident management, patch management, security configuration & vulnerability management. Keep teams abreast of various technology risks & advise on remediation controls
- Guide Security Operations team for smooth implementation of Bank's Info-Sec policies & regulatory guidelines
- Attend operational risk forums (technology risk forums) to keep up to date with areas of concern & advise as SME
- Collaborate with other units (e.g. fraud risk controls & BCM) on issues related to cyber fraud & business continuity
- Co-ordinate with 3rd-party auditors, if any are appointed, for independent IT/IS audits or compliance assignments.