Department : Risk Management office
Level/Band : 501
Reports To : Chief Risk Officer
Supervises : NA
Geographic Area Covered : PAN India
Stakeholders - Internal : Departments
Stakeholders - External : Department
Key Result Areas :
Specialist in IT Risk Management :
- Provide second-line inputs into the risk identification and management process across all aspects of IT;
- Stay current on developments in all areas of IT concerning vulnerabilities, security breaches and malicious attacks;
- Assess the adequacy of the security strategy and BCP/disaster recovery plans, identify threats to the systems and calculate the impact of potential adverse events, updating the assessment continuously as threat profiles change;
- Keep management up to date on the results of the risk assessment and recommend mitigations, or projects, to protect their systems or cover potential losses;
- Continually improve the quality of risk management: collect lessons-learned information and metrics from security events and integrate the knowledge gathered into future protection strategies (e.g. by reviewing logs, network traces and other evidence from computers, networks and data storage devices);
- Recommend improvements in network security, identity management and logging
- Examine systems and procedures to identify potential adverse events, including hardware and software failures, physical disasters, malicious intruders, malware, denial-of-service attacks and employee misconduct;
- Analysis will include a clear description of each risk and its likelihood. For risks considered significant, an assessment of the impact in rupees or in business disruption will be developed. From this, mitigation plans must be developed and presented to management for approval and funding;
- Identify defensive steps to take, including necessary firewalls, security software and data encryption;
- Recommend infrastructure and application patching and remediation;
- Assist in the coordination and preparation of presentation material for Risk Committees
Skills Required :
Technical :
- A comprehensive knowledge of hardware /software/ network architecture and domains in IT operations with a focus on governance, risk and compliance;
- Understanding of vulnerabilities across the IT landscape;
- Knowledge of personal computer, tablet and mobile architectures, operating systems and applications;
- Experience in conducting/facilitating IT audits (ISO 27001);
- Project management skills, with risk management;
- Fluency in LANs, WAN, VPNs, Routers, firewalls, and IDS/IPS systems;
- Relevant information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) or the ability to gain a certification after hiring;
- Understanding of legal, statutory and regulatory compliance standards and requirements for customer data, including the Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, NIST and COBIT;
- Ability to evaluate technology policies and standards, technical engineering standards and operational procedures;
- Knowledge of products which protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring and logging mechanisms, etc;
- Familiarity with multiple software types at the application and enterprise levels;
- Up-to-date operational knowledge of computer security, antivirus, malware and hacking attacks;
- Financial and business training to develop risk impact values and mitigation cost cases;
- Integrated information technology security strategies;
- Ability to understand large, complex systems;
- Analytical ability to focus on specific details or subsystems, their vulnerabilities and linkages;
- An inquisitive, or problem-solving, mindset;
- Strong financial analysis, communication & organizational skills;
- Good written and oral communication;
Incumbent Characteristics :
Qualification : BE
Experience : 6 years' experience, including IT audits
Certifications : CISA/CISM