Posted By

Job Views: 247
Applications:  61
Recruiter Actions:  9

Posted in

IT & Systems

Job Code

1347431

Deputy Chief Information Security Officer - BFSI

15 - 20 Years, Mumbai
Posted 10 months ago

Job Description :


Primary Job Duties/Responsibilities :

The key job duties/responsibilities are enumerated below :

- Creating and implementing a strategy for the deployment of information security technologies and solutions to minimize the risk of cyber incidents.

- Preparing information security policy, cyber security policy and cyber crisis management plan.

- Driving and ensuring compliance with the extant regulatory instructions on information/ cyber security.

- Coordinating the Business Impact Analysis of various IT assets and deriving the respective RTO and RPO for each asset.

- Ensuring that current and emerging cyber threats to the financial sector and the Bank's preparedness in these aspects are discussed in ISC and other related Committees.

- Developing cyber security KRIs and KPIs.

- Placing a review of cyber security risks/ arrangements/ preparedness of the Bank before the Board/ Board level Committee on a quarterly basis.

- Spearheading implementation of security standards/ IT control frameworks (such as ISO 27001) for critical IT functions.

- Conducting Vulnerability Assessment/ Penetration Testing (VA/ PT) of the IT assets (applications, systems and infrastructure) throughout their lifecycle (pre-implementation, post-implementation, after major changes, etc.)

- Managing the daily operation and implementation of the IT security strategy

- Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement

- Solving network related queries and problems satisfactorily, in a timely manner

- Directing significant effort into IT asset management, involving hardening, tagging, tracking, and auditing all IT assets.

- Developing strategies to handle security incidents and trigger investigation

- Delivering new security technology approaches and implementing next generation solutions

- Overseeing the management of the IT security department, giving leadership to the team, and developing staff capabilities

- Ensuring adherence to the latest regulations and compliance requirements

- Running security audits and risk assessments

- Developing, implementing and testing business continuity plans

- Planning and executing periodic disaster recovery drills / simulation exercises in order to establish the adequacy of the Business Continuity Plan

- Periodically communicating updates relating to IT and cyber security to various stakeholders internally & externally; viz., Board of Directors, senior management team, team members, colleagues of other departments etc.

- Must work to integrate the security requirements with IT and business requirements

- Insure against cyber risks and protect the organization from potential liabilities to the extent possible

- Handling IT related compliance issues and ensuring that the organization follows rules and standards

- Software Development Lifecycle (SDLC) Audit and periodic Code Reviews to ensure that applications continue to be secure

- Information Security Audit of IT Systems and controls

- Issuing and periodic review of device hardening guidelines, patch management guidelines, antivirus / malware guidelines, User Access Management guidelines, privilege access management guidelines, end point management guidelines, connectivity guidelines for trading partners and external agencies, controls on mobile devices and wireless technology

- Developing and implementing scenario-based incident response plans to deal with cyber crisis, contingencies and disasters, attacks on IT systems etc.

- Escalating and reporting the incidents to the Board and Senior Management and proactively notifying CERT-In and RBI regarding cyber security incidents, as per regulatory requirements.

- Ensuring security review of all applications / change requests before go-live / production release

- Preparing, maintaining and reviewing the IS Policy

- Managing and monitoring the SOC and driving cyber security related projects

- Maintaining and monitoring the threat landscape of the Bank on a regular basis

- Ensuring conduct of periodic tests to evaluate the adequacy and effectiveness of security control measures

- Any other assignment as may be assigned from time to time
