Job Description

Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.
Job Purpose
The purpose of the role is to govern an assure internal and external security risk posture is aligned to Banks and Regulators policies, standards and guidelines.
This role also plays pivotal role to identify and prioritize information security related risks through proactive risk assessment and being mindful of security compliance.
Key Accountabilities
Primary SPOC for internal and external IS audits
Manage regulatory submissions related to IS
Audit readiness and preparedness within IS team
IS Calendar and compliance delivery assurance tracker
Manage Security Awareness programme
Build partnership with Tech GRC, Risk and Compliance depts along with group
Job Duties & responsibilities
Work closely with Information Security / CISO functions for risk mitigation plan of identified risk tracked in GRC system.
Collaborate with ITGRC and Compliance for external and internal IT audits and review/ manage audit response from internal IS team before audit submissions. Participate in the audit meetings to discuss audit issues impact and risk severity.
Decipher regulatory circulars, advisories, master directions and convert into key actionable KPI, governance tracker, system changes, policy and standard changes.
Define KRI and ensure compliance and security assurance
Maintain list of circulars and actionable
Maintain IS calendar for key deliverables on defined frequency
Liaise with local and group GRC team on key updates/initiatives.
Review internal requirement received from Compliance dept and
Track and follow up with risk / action owners to check status of the risk mitigation plan and update IT management on the status.
Drive IS awareness programme including periodic mailers aligned as per Cyber Jagrookta Diwas
Exercise Risk Control Self Assessment (RCSA) exercise for ISS dept.
Proactively highlight anticipated delay in risk mitigation plan and get the target completion date extended with formal approvals and update GRC system.
Report key risks in IT Steering / Strategy committee and other risk management committees.
Apply principle of Risk management to transfer, mitigate OR accept the risk for identified risk.
Ensure readiness of security audits with historical audit re-requisites
Proactively ensure compliance on recurring audit requirements
Get the risk acceptance approved as per risk approval matrix and lodged them in the GRC tool.
Perform IT risk assessment and process review to confirm compliance to IT policies and procedure.
Required Qualification
Overall 4-8 years on experience in Information/Cyber Security/ATM security
Preferred with strong knowledge standards/framework like ISO27001, PCIDSS, Basel, NIST 800-53
Well versed with RBI master directions Cyber security, Digital payments, outsourcing.
Sound knowledge on fundamentals of information security, tools applicability and purpose
Education / Preferred Qualifications
Graduation: BE IT/Computers/Electronics, B.Sc. - Computers, M.Sc. - Computers
Post-Graduation: PGDIT, MCA, MBA
Core Competencies
Excellent analytical and decision-making skill sets
Effective in Communication, documentation and report writing skills
Ability to consult and validate solutions to mitigates risks to business and systems

P
Education: Any Graduate
Industry: Financial Services/Stockbroking, Banking

Skills Required