Job Description :
Primary Job Duties/Responsibilities :
The key job duties/responsibilities are enumerated below :
- Creating and implementing a strategy for the deployment of Information Security technologies and solutions to minimize the risk of cyber incidents.
- Preparing Information Security policy, cyber security policy and cyber crisis management plan.
- Driving and ensuring compliance to the extant regulatory instructions on information/ cyber security.
- Coordinating in assessing Business Impact Analysis of various IT assets and deriving respective RTO and RPO for each asset.
- Ensuring that current and emerging cyber threats to the financial sector and the Bank's preparedness in these aspects are discussed in ISC and other related Committees.
- Developing cyber security KRIs and KPIs.
- Placing a review of cyber security risks/ arrangements/ preparedness of the Bank before the Board/ Board level Committee on a quarterly basis.
- Spearheading implementation of security standards/ IT control frameworks (such as ISO 27001) for critical IT functions.
- Conducting Vulnerability Assessment/ Penetration Testing (VA/ PT) of the IT assets (applications, systems and infrastructure) throughout their lifecycle (pre-implementation, post implementation, after major changes, etc.)
- Managing the daily operation and implementation of the IT security strategy
- Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement
- Solving network related queries and problems satisfactorily, in a timely manner
- Direct significant effort into IT asset management, involving hardening, tagging, tracking, and auditing all IT assets.
- Developing strategies to handle security incidents and trigger investigation
- Delivering new security technology approaches and implementing next generation solutions
- Overseeing the management of the IT security department, giving leadership to the team, an developing staff capabilities
- Ensuring adherence to the latest regulations and compliance requirements
- Running security audits and risk assessments
- Developing, implementing and testing of business continuity plans
- Planning and executing periodic disaster recovery drills / simulation exercises in order to establish the adequacy of the Business Continuity Plan
- Periodically communicating updates relating to IT and cyber security to various stakeholders internally & externally; viz., Board of Directors, senior management team, team members, colleagues of other departments etc.
- Must work to integrate the security requirements with IT and business requirements
- Insure against cyber risks and protect the organization from potential liabilities to the extent possible
- Handling IT related compliance issues and ensuring that the organization follows rules and standards
- Software Development Lifecycle (SDLC) Audit and periodic Code Reviews to ensure that applications continue to be secure
- Information Security Audit of IT Systems and controls
- Issuing and periodic review of device hardening guidelines, patch management guidelines, antivirus / malware guidelines, User Access Management guidelines, privilege access management guidelines, end point management guidelines, connectivity guidelines for trading partners and external agencies, controls on mobile devices and wireless technology
- Developing and Implementation of scenario-based Incident response plans to deal with cyber
crisis, contingencies and disasters, attacks on IT systems etc.
- Escalating and reporting the incidents to the Board and Senior Management and pro-actively notify CERT-In and RBI regarding cyber security incidents, as per regulatory requirements.
- Ensuring security review of all applications / change requests before go-live / production release
- Preparing, maintaining and review of IS Policy
- Managing and monitoring SOC and drive cyber security related projects
- Maintain and monitor on regular basis the threat landscape of the Bank
- Ensuring conduct of periodic tests to evaluate the adequacy and effectiveness of security control measures
- Any other assignment as may be assigned from time to time