We are hiring for a Banking subsidiary in India.
Financial Domain (Banking / NBFC experience is desirable).
Manager RaaS Cybersecurity and Risk Assessment.
Location Juinagar, Navi Mumbai.
Experience/Qualifications:
- A minimum experience of 8-10 years in IT Infra Services and Cyber Security Risk Management with relevant and minimum 10 years in Information Security / Cyber Security Risk Assessment, Cyber Security Risk Reviews, Information Risk, Data Security & Privacy Risk, Cyber Risk Auditing and Advisory Consulting experience.
- In-depth understanding of existing global standards for information / cyber security such as NIST CSF, ISMS ISO 27001, ISO 22301 BCMS / ISO 20000 ITSMS / ISO 31000 Risk Management, SANS, OWASP, MITRE Framework, CMM Maturity Assessment for IT/Business Software, Cyber SOC, Data Centre Security Management etc.
- In-depth knowledge of Enterprise Applications and API architecture, Server operating systems, networking, and database Security Engineering.
- Hands-on experience in leading Information Security Risk Assessment and auditing security controls as per NIST, ISO, and other global standards.
- Holistic security risk approach and security control proficiency with respect to people, process, partner, and technology aspects.
- Should have thorough knowledge of security threat, risk, and control mapping with mandatory evidence requirements as per global standards.
- Good hold and understanding of Cyber Security Controls and working of latest technologies such as Software Development Security & DevOps such as DAST, SCA, SAST, Containerization, Kubernetes and Docker Security Services.
- Ability to identify cyber security risk and threats based on overall environment and platform of application.
- Detailed understanding of web, app, middleware, network, perimeter and database security controls.
- Develop quality reports for publication on cyber security risk, and checklists for emerging technologies such as Cloud Security Automation and AI/ML, on par with global standards.
- Excellent verbal and written communication skills are mandatory, with customer or stakeholder interaction exposure.
- Must be able to articulate risk details in simple understandable language and explain the security risk observations and relevant severity mapping to customer.
- Efficient in performing threat modelling and listing relevant threats related to application or product/solution/technology.
- Should be able to provide solution and remediation for non-compliance observations to support closure.
- Strong hold in security concepts related to zero trust and its implementation from Identity and Access Management aspects.
Responsibilities:
- Plan and Perform NIST 1.x & 2.0 based Cyber Security control benchmarking at Application Level, Department Level and/or organisation level and provide compliance scoring basis the technical artefacts-based reviews.
- Develop standard artifacts requirements and mapping against each NIST control standards/RBI CSF.
- Also, prepare platform and application security assessment control checklist to be considered and aligned to global standards and industry best practices.
- Develop threat model as per the application applicability and business environment.
- Prepare risk reports and project plan, attend stakeholder meeting and provide quality recommendations from security perspective.
- Should be able to provide recommendation and compensatory controls to reduce risk levels.
- Communicate effectively with project managers, application owners, senior management customers and stakeholders.
- Advises management of critical issues that may affect the overall project deliverables and risk posture of application.
- Demonstrate skills with upgrading knowledge quickly and transferring it to peers.
- Plan, manage and lead security audits, risk assessment and ensure quality assurance of risk reports published.