Information & Cyber Security Manager - BFS

Skills & Competencies: Subject knowledge (Information security, Cyber Security, Data Privacy) Security Analysis, Network Security, Good understanding of technology (IT certification preferred)

Min. Educational Qualification: Graduation (Preferably Computer Science, Cyber Security, Information Technology etc.)

Relevant Work-experience: 5 to 6 years of Information Security experience, 2 years min. information security in BFSI Insurance, preferred

Location - Goregaon

Level - IL4 Upper

Certifications: OSCP, CEH, CISSP, CISA, CISM, ISO 27001:2013 LA

Job Description:

Be responsible for setting IS Standards, Checklist, Guidelines such as:

- IS guidelines and any supporting templates;

- Standards for Technology Risk Assessments (TRA) for any process / technology change or new technology sourcing

- Manage internal / third party Ethical hacking / Vulnerability Assessment / Penetration Testing, Red Team assessment activities etc.

- Methodology / checklist for performing the TRA and approval matrix based on the results of the TRA BCP / DR standards including methodology for conducting Risk Assessment (RA) and Business Impact Analysis (BIA)

- Application security and Vendor risk assessment standards

- IS related trainings standards including frequency for IS related trainings for employees / contractors and the IT / IS teams

- Security testing baselines for conducting Vulnerability Assessment and Penetration Testing of IT systems (infrastructure and applications) including mandating the use of internal and external vendors based on asset classification

- Liaising with the business teams to define the roles within each application under their purview depending upon the business requirements

- Shall review the training / skill set requirements for the SOC / LAM / DLP teams

- Manage Information Security Projects/assessments etc

- Perform daily InfoSec operational activities like FnF Clearance, approvals etc.

- Conduct or participate Cyber security drill as per the requirement

- Assign detailed responsibilities and action steps to manage cyber crisis

- Identify the active risks along with the threat vectors related to cyber crisis

- Support response and investigation activities related to the cyber crisis

- Review regulatory impact and compliance obligations

- All other tasks/activities/projects etc. delegated by Chief Risk Officer (CRO) / Chief Information Security Officer (CISO)