Job Description

About the company

SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for seamless payment experience and indulge in rewarding benefits. At SBI Card, the motto 'Make Life Simple' inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone.


SBI Card is proud to be an equal opportunity & inclusive employer and welcome employees without any discrimination on the grounds of race, color, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally with dignity and respect which makes it a promising place to work.


Join us to shape the future of digital payment in India and unlock your full potential.

What's in it for YOU

SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support mental and physical health of our employees Admirable work deserves to be rewarded. We have a well curated bouquet of rewards and recognition program for the employees Dynamic, Inclusive and Diverse team culture Gender Neutral Policy Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits Commitment to the overall development of an employee through comprehensive learning & development framework

Role Purpose

Threat & Vulnerability Management is one of high concern areas in order to prevent SBIC from any potential threat actor. This role is responsible for managing & maturing overall Application Security lifecycle starting from requirements gathering to decommissioning phase. This includes assuring compliance to RBI's requirement on Digital Application with activities such as Threat Modeling, Secure Application Architecture and Run-time security controls. This role also leverage expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT landscape across SBIC Card environment.

Role Accountability

Functional Areas:


Provide technical expertise for information security policies and standards for Application Development throughout SDLC Maintaining current knowledge and understanding of the threat landscape and emerging security threats and vulnerabilities to build adequate solution Help SBIC IT Team build agile application development platforms rooted on flexible container-based platforms and aligned to agile development and CI/CD best practices Provide expertise in security tools for vulnerability assessment, penetration testing & application security Define security runtime products and development tooling migration strategy and guidelines for digital applications Ensures (web) applications, APIs, and cloud services are planned, designed, developed, implemented and monitored in accordance with security policies and to meet compliance requirements Perform regular status reviews with IT asset owners & senior leadership to ensure compliance with InfoSec policies and RBI's requirement on Digital Applications Participate in and support application security reviews and threat modeling, support security testing team for code review and dynamic testing. Industry analysis for latest security systems, standards, authentication protocols, security framework to guide development team to implement for new projects Facilitate and support the preparation of security releases. Support and consult with product and development teams in the area of application security. Assist in development of automated security testing to validate that secure coding best practices are being used. Manage & Mature Application Security Standard, Framework and related process New Technology & Risks


Evaluates and recommends tools and solutions that provide protection to SBIC application landscape Maintain contact with vendors regarding security system updates and technical support of security products Performs cost-benefit and risk analysis Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks Vendor Management


Maintain relationship with managed security services vendor leadership to ensure effective implementation and operation of security programs, ongoing support and deployment of competent resources Oversee the development, implementation and maintenance of vendor standard operating procedures/ run book in line with SBI Card policies & standards Provide technical & program management expertise and oversight over vendor teams Stakeholder Management


This role requires strong skills to discuss technical & non-technical aspect with articulation of Risk to demonstrate requirement and drive mitigation of Vulnerability


Internal Stakeholders: Information technology function including its vendor, Senior leaders like CISO & , DPO and other Business/functional leaders External Stakeholders: Vendor Team

Measures of Success

Successful implementation/ adoption of any new solution, technology or framework as per regulatory and SBIC policy Successful delivery of security projects specifications within time and budget Secure delivery of workload protection and applications (enterprise, web and mobile app) hosted on-premise or on Cloud Reduction in attack surface and threat exposure for SBI Card IT platforms Consistently enhance the security posture to reduce overall risk to SBI Card No major observation in internal/external audit on security design for applications

Technical Skills / Experience / Certifications

Deep knowledge and understanding of enterprise IT Systems, infrastructure, and security technologies. Knowledge of Information Security Standards like ISO 27001, PCI-DSS, NIST CSF, CSA framework etc. Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.). Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc.) preferred. Experience architecting solutions within Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), VMware NSX, Oracle etc. Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes such as secure software development, Application Security, data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments. Excellent interpersonal and communication skills required to partner with other leaders across IT & business functions. Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies. Experience with enterprise applications (architecture, development, support, and troubleshooting). Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies. Experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions. Working knowledge of compliance frameworks and security management standards (e.g., ISO 27001, NIST CSF, CIS etc.) Experience with enterprise architecture and working as part of a cross-functional team to implement solutions.

Competencies critical to the role

Demonstrate skills to achieve stated objectives. Demonstrate communication skills to address different audiences. Demonstrate self-starter with ability to gain required knowledge in dynamic environments and remain up to date on cutting-edge technologies. Demonstrate teamwork & collaboration. Demonstrate analytical, troubleshooting, and problem-solving skills.

Qualification

Bachelor's Degree in a related area such as Computer Science or Information Technology or B. Tech

Preferred Industry

BFSI / NBFC /E-commerce/IT & ITES / Telecom