Senior Manager (Information Security)

Job Description / Requirements:

1. Bachelor’s Degree in Computer Science / Information Technology or its equivalent with 7-10 years of experience in banking sector of which at least 3 years of managerial experience in the areas of IT Governance, Risk and Compliance.

2. Possess professional certification in the domain of Information Security preferably Certified Information Systems Security Professional (CISSP).

3. Proficient in information security domains, including policies and standards, risk and control assessments, regulatory compliance, secure systems development lifecycle, access controls, vulnerability management, data protection, technology resiliency and governance metrics.

4. Ideally have fair understanding of retail and corporate banking processes and products desirably with professional certifications in banking domain.

5. Strong understanding and knowledge of industry best practices and frameworks pertaining to IT, IT Risk management methodologies, tools to manage IT risks, end point security, network security, encryption and key management, authentication and access control.

6. Maintain compliance with regulatory requirements including regulatory guidelines issued by MAS and RBI for management of technology risks.

7. Formulate, review and maintain centre specific IT policies, IT risk management framework, baselines, standards and procedures such that they continue to remain relevant, up to date and aligned with Head Office, regulatory and industry standards.

8. Engage with relevant stakeholders for conduct of IT Governance committee meetings and provide pertinent insights on key risks to senior management.

9. Collaborate with stakeholders across geographies for smooth conduct of BIA, BCP, DR exercises

10. Ability to take charge of Information Security events and incidents and work collaboratively with relevant stakeholders in line with the defined policies and processes.

11. Perform focused risk based reviews, log reviews, technology risk assessments of existing or new IT processes and systems, provide recommendations to improve processes by removing deficiencies and to put in place the right tools to reduce risks.

12. Experience across Core Banking operations, SDLC, Project Management and a fair understanding of cloud technologies will be advantageous.

13. Manage IT Risk Register, track remediation actions, deviations and risks.

14. Ensure adequate oversight over outsourced IT activities and manage third party risks.

15. Work with teams across geographies to resolve IT risk issues.

16. Manage audit end to end through collaboration with relevant stakeholders such as Head Office, regulators, internal/external auditors.

17. Foster strong IT risk aware culture across relevant teams.

18. Proactive mind-set, excellent problem solving capabilities, communication, presentation, and advisory skills.

19. Self-driven, ability to work independently or in a team and multitask.

20. The incumbent will not have any direct reports and must be able to work independently with minimal supervision.