Job Description

:

Job title: Technology Information Security Officer (TISO)

Corporate title: Associate

Location: DIPL, Pune

Role Description

TISO is assigned a set of Application Software Assets and associated Databases, Infrastructure Software Assets, IT Services, Hardware Assets or IT Assets. The TISO assumes ownership for these assets from an IT Security perspective. It includes IT services outsourced to an external vendor and TISO is responsible to ensure compliance. The TISO executes all tasks that are assigned to this role based on defined and approved internal policy, procedure, processes & controls.

Your key responsibilities

The TISO's responsibilities within the assigned Division or Function comprise:

• To accept the ownership and responsibility for the information security of the assigned IT Assets.
• To carry out the Information Security Risk and Compliance Assessments for the assigned IT Assets and processes.
• To remain fully trained and skilled by completing the required Information Security training provided by CSO or as requested by the Principal TISO or the Divisional TISO.
• To provide guidance to key role holders such as ITAOs (IT Asset Owner) and ISOs (Information Security Officer) to develop a secure environment by evaluating the IT Security requirements as early as possible in the system development life cycle to select the applicable information security controls for implementation.
• To guide ITAOs on the implementation of compensating controls in case of deviations from the applicable information security controls.
• To approve the access control and user authorization setup of the assigned IT Assets.
• To execute and document periodical recertification of access rights in compliance with the DB Group Identity and Access Processes.
• To ensure that the necessary Information Security controls are implemented, influences IT risk & control-related policies/standards and provide feedback as subject matter expert. (Co-) Design implementation measures and oversee their implementation.
• To cooperate with key role holders such as ITAOs and ISOs to put monitoring capabilities for IT Assets in place. To review the output of the monitoring jointly with the key role holders such as ITAOs and ISOs to avoid degradation of the required security level.
• To analyze and review the configuration of IT Assets where required and to advise on the remediation of gaps according to the applicable Information Security policies.
• To contribute to the Information Security Incident Management Process in the case of a security breach for their IT Assets, if requested.
• To assess and document the IT Risk associated with outsourcing engagements with external vendors
• To actively participate in the discussion with external vendors to ensure that proper due diligence is performed on IT Risk & Controls as per Bank's and Regulatory framework
• To maintain the Information Security related documentation of assigned IT Assets in the DB Group IT Asset inventory.
• First point of escalation and conflict resolution internal as well as with central functions or parties outside DB (eg. Regulator).
• Pre-empt changes in the legal/ regulatory environment and support and advise senior management of potential impacts.
• Oversees the performance and quality assurance of assessment executions for upcoming audits and/or execution of legal/ regulatory.
• Ensures appropriate senior management awareness/oversight to follow-up on action items to resolve identified issues.

Your experience:

• 7 years' experience (or comparable track record) in Information Security risk and compliance management.
• Expert knowledge & experience in the following fields: Information Security, Data Protection, Software Development, Audit Management, DevOps Security, Broker solutions, Designing alert mechanisms & Monitoring, Recertification.
• Strong understanding of MAS & HKMA TRM guidelines.
• Strong understanding of MAS & HKMA Outsourcing guidelines
• Strong experience in Vendor Risk Management
• Excellent analytical skills to evaluate problem, root cause and resolution.
• Experience in translation of very complex topics in clear and crisp messages/ visions.
• Fluent in English (written/verbal).

Your Technical skills:

Must have a strong experience and knowledge in the following.

• Cyber security, HSM, Cryptography, encryption/decryption solutions.
• Configuring TLS/SSL, PKI, ACLs, API Security.
• Windows, Unix, Linux platforms and Oracle & SQL database.
• Experience in Cloud Platform is preferable.

Education:

• Degree from an accredited college or university (or equivalent Diploma) preferred.
• CISM, CRISC or CISSP.
• Cloud Engineer Certification (preferable).

What we'll offer you

As part of our flexible scheme, here are just some of the benefits that you'll enjoy

• Best in class leave policy
• Gender neutral parental leaves
• 100% reimbursement under childcare assistance benefit (gender neutral)
• Sponsorship for Industry relevant certifications and education
• Employee Assistance Program for you and your family members
• Comprehensive Hospitalization Insurance for you and your dependents
• Accident and Term life Insurance
• Complementary Health screening for 35 yrs. and above

How we'll support you

• Training and development to help you excel in your career
• Coaching and support from experts in your team
• A culture of continuous learning to aid progression
• A range of flexible benefits that you can tailor to suit your needs

About us and our teams

Please visit our company website for further information:

Our values define the working environment we strive to create - diverse, supportive and welcoming of different views. We embrace a culture reflecting a variety of perspectives, insights and backgrounds to drive innovation. We build talented and diverse teams to drive business results and encourage our people to develop to their full potential. Talk to us about flexible work arrangements and other initiatives we offer.

We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, sexual orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation.

Click to find out more about our diversity and inclusion policy and initiatives.