ISS:IS Security Officer

About Information Systems Security:

Information Systems Security (ISS) team ensures that Cyber Security Risk and Threats are managed through an risk management framework comprising of Information Systems Security Policies, Standards and Guidelines. The bank’s Information Security and Cyber Security Policy and Standards based on various regulatory requirements / guidelines from RBI Gopal Krishna report, cyber security framework, NPCI, IT Act, MAS, HKMA, Aadhaar etc., International regulations and standards such MAS, HKMA, PCI-DSS etc. The policies and standards approved by the Board of Directors encompassing independent identification, measurement and management of risks across the various businesses of the Bank. All compliance related requirements emanating from various regulators and stipulations like legal, regulatory and other standards adopted by the bank are periodically communicated to various stakeholders by way of circulars, office notes, workshops, etc. The bank has developed a comprehensive set of metrics like key performance indicators and key risk indicators for review by Business units, Subsidiaries and Top Management on a regular basis. Quarterly monitoring and reviews are undertaken by the top management for review and necessary action.

Technical Requirements:

Required-
• At least 1-2 years of hands-on experience in (AWS/Azure/GCP) cloud.
• Good understanding of application architecture web technologies.
• Exposure to at least one of the security domains like Network Security, Data Security, Access Control, Security Monitoring, Governance etc.

Desired-
• Hands-On experience in any leading CSPM tool.
• Good understanding of security vulnerabilities, controls risks.
• Keen eye to identify risk in technology or process.
• Self-motivated and a team player.
• Relevant Cloud certification in AWS/Azure/GCP etc.

Responsibilities:
• Perform risk assessment of proposed and existing system architecture for compliance with security best practices, recommending controls to mitigate identified risks.
• Create/Update security and compliance requirements for IaaS/PaaS/SaaS as per regulatory requirements and industry best practices.
• Create security baselines for various cloud services.
• Implement various cloud security solutions like CWPP, CIEM etc.
• Monitor CSPM tickets and engage with IT for timely closure.
• Manage own day-to-day cloud security operations.

#ComeAsYouAre "We are dil se open. Women, LGBTQIA+ and PwD candidates of all ages are encouraged to apply" Read more