Manager/Senior Manager - Information Security Officer - BFS

Position: Information Security Officer - Cards Security, Digital Channel Security & Regulatory Compliance.

Designation: Manager / Senior Manager

Location: Mumbai / Noida (Hybrid Mode)

Role & responsibilities:

Role for Managing security of digital / card security and regulatory controls in Bank's Information Security Department based on following Standards; ISO27001, PCIDSS and NIST Cyber Security Framework.

- Understanding of industry development on payments and data security standards and enable business to provide secured systems.

- Drive end to end risk assessments for various regulatory / non regulatory requirements related to Cards & Digital Banking domain.

- Review of any new digital / card related product being introduced / modified wrt to Information Security controls to embed controls at the design stage.

- Review / draft relevant policies and procedures as per best practises.

- Articulate and create management reports and presentations for management reporting and regulatory submissions.

- Work closely with cross-functional teams and develop strong liaison relationships to drive information security.

- Support and consulting of Business Units and other departments (Operations Risk / Technical Risk) with regards to Information Security Issues.

- Experience in conducting Third Party Vendor Risk Assessments from Information Security Perspective.

- Performing Risk & Control Self Assessments (RCSA) for various functions/operations/applications being used by the Bank.

- Attend Audits (Internal, External, Regulatory Audits); prepare and maintain records / evidences.

- String knowledge in ISO 27001, NIST CSP, ISO 22301 standards.

Key Skills:

- Understanding of IT security industry standards (i.e. ISO 27001, PCIDSS, NIST cybersecurity framework)

- Leadership and management skills

- Sound communication skills

- Strong analytical and presentation skills

- Capable of self-organizing and prioritizing the work in an effective manner

- Proactive and self-motivated to work in complex organization.

- General Knowledge of legal framework for Information Security and Data Protection

Experience & Qualifications:

- 3-5 years in Information Security / cyber security domain

- Good understanding of, and experience with Information Risk Management, IT Security and Compliance.

- Graduate/Post-graduate in IT or Computer Science having sound knowledge in data security related standards.

Certifications:

- CISA/CISM/CISSP certification/s (preference)