About the job:
We are hiring for the largest Bank in India
Financial Domain (Banking / NBFC experience is desirable)
Cybersecurity Lead - Cyber Security Risk Assessment and Application Security
Location - Juinagar, Navi Mumbai
Responsibilities:
- Perform data flow and architecture reviews of applications and identify threats (may use threat modeling)
- Review multiple documents related to applications, such as SRS, BCP, HLD and LLD, and identify security control gaps as per global standards (OWASP / MITRE / SANS)
- Prepare platform and application security assessment control checklist to be considered and aligned to the global standards and industry best practices.
- Develop threat model as per the application and organisation's compensatory controls and context
- Prepare risk reports and project tracking for risk observations and compliance.
- Should be able to provide recommendations and compensatory controls to reduce cyber security risk level.
- Communicate effectively with project managers, application owners, customers and stakeholders.
- Advise management of critical issues that may affect the overall project deliverables and application risk posture.
- Demonstrate skills with upgrading knowledge quickly and transferring it to peers.
Skills & Requirements:
- A minimum of 6-8 years of experience in cyber security, with 5 years of relevant experience in web application and mobile application security risk assessment.
- In-depth understanding of existing global standards for information / cyber security such as OWASP, SANS and MITRE
- Understanding of application, database, API and zero trust architecture
- Holistic risk approach and security control proficiency with respect to people, process and technology aspects
- Good hold and understanding of security practices in application and microservices product development
- Ability to identify cyber security risk and threats based on overall environment, platform of application and third-party vendor security risk.
- Should be proficient in identifying security control implementation gaps in application authentication, authorisation and data security.
- Excellent verbal and written communication skills are mandatory, with customer or stakeholder interaction exposure.
- Must be able to articulate risk observations in detail and in simple, understandable language, and explain the security risk observations and the reason for severity mapping to the customer.
- Should be able to provide solutions and remediation for non-compliance observations to the development team and support closure.
- 1-2 years of coding experience is desirable
- At least one certification is a must: OSCP / CRISC / CISSP / CSSLP