Role Objective

The incumbent will work closely with the Infrastructure and Security Manager in effective implementation of security controls, security standards, security solutions, including the ongoing assessment and tracking of adherence to required security guidelines across the enterprise computing environment, operate security tools, monitor threats and security issues. The Job holder will support in managing projects, organizing resources, and carrying out risk assessment, ensuring that the project deliverables and quality standards are met, as per the established SLAs.

Detailed Roles and Responsibilities:

• Meet with various stakeholders in order to ascertain the overall objectives of the project, and employ the services of business analysts, in business analysis / system reviews for departments.
• Recommend and coordinate the application of fixes, patches, disaster recovery procedures in the event of a security breach
• Research emerging technologies in support of security enhancement and development efforts.
• Coordinate with Security assessment vendors and Operational Risk teams to assess the organization’s security measures, to identify any weak points that might make information systems vulnerable to attack.
• Carry out simulated attacks to test the efficiency of security measures with the coordination of internal /external resources.
• Prioritize security coverage to ensure that strategically important data and mission critical systems receives the highest levels of protection.
• Handle incident responses in a prompt manner, by determining and mitigating the cause in close coordination with the relevant stakeholders, help in analyzing reports SOC reports to identify trends that might indicate a future risk.
• Management of Security Services and devices i.e. Secure Gateways, WAF, VAPT and related Security services.
• Ensure that the projects are managed in accordance with the project management methodology including document templates, identifying project phases, reporting and planning information for successful project delivery.
• Implement technical solutions to contractual requirements supporting ISO 27001/PCI DSS and any other applicable standards.
• Ensure compliance to the regulatory requirements with regards to IT security and implement all the required controls in the IT environment
• Resolve IT security weaknesses/gaps in controls identified through various audits and Security Operations Center (SOC) operations
• Ensure timely closure of all findings of the penetration tests and vulnerability assessments, and prepare responses to internal /external audits, penetration tests and vulnerability assessments.
• Contribute towards development of security baselines for all IT infrastructure and Applications, and annual review and updating of all IT Security related SOPs and Information security procedures related to IT in coordination with the CISO of the Bank.

Education, Experience and Skills Required:

• Bachelor’s degree or in Computer Science, Information Systems, or any other related discipline from a recognized university
• Master’s degree in Management any other related discipline from a recognized university
• 06-10 years of total experience in financial services/banking industry, entailing responsibilities pertaining to the specific area of discipline.
• Significant experience in IT Infrastructure security.
• Adept in IT Security pertaining to databases, networks, application servers, web servers, operating systems, firewalls, IPS / IDS, log co-relation tools.

Certifications:

• Professional certification such as CISSP / SSCP/ CISM and/or other relevant certification is preferable