JD (Information Security Governance-M,SM,AVP,VP)

1. Conduct risk assessment of banking solutions/ applications, processes,

operations, technologies and vendor assessments.
2. Evaluate the adequacy and effectiveness of policies, procedures, processes, and
internal controls.
3. Evaluate if policies, procedures and processes are in line with the regulatory
requirements and standards like ISO 27001, PCI DSS, NIST etc.
4. Assess the technical security controls and identify the associated Information
Security risks & recommended measures.
5. Responsible for security compliance to the regulatory requirements and industry
standards.
6. Assess the exception requests in the security configurations for various platforms
and application vulnerabilities and respond with the.
7. Assess the adequacy of Cloud Security controls for cloud based solutions.
8. Monitor and evaluate the regulatory compliance requirements for cyber security
and act as SPOC for all the applicable information security regulatory
requirements.
9. Coordinate with various internal stake holders to ensure the regulatory
directives and understand actions taken to achieve compliance.
10. Monitor, track and coordinate with various stakeholders on open actionable
(issues, non-compliances etc.)
11. Responsible for disseminating security policies and provide security awareness
to all users via Workshops, flyers, e-learning portal etc.
12. Take on additional special projects and responsibilities as needed.

Qualification and Experience

 Minimum Bachelor degree in engineering (Preferably Information Security, IT or

Computer Science technology) / MCA
 Certifications like ISO 27001 LA / Implementer, CISA, CISM, CISSP, PCI DSS,
CSCP are desirable.
 10-12 years of relevant working experience.
 Worked as a senior Information Security Governance role at strategic level for a
Financial institution/Bank. Knowledge of architecting and delivering security
solutions within financial institution/Bank is preferred.
 Sound knowledge of Cyber Security frameworks & regulatory guidelines
preferably in banking environment. Knowledge on IT act and law would be an
added advantage.
 Should have in depth knowledge and rich experience of Information Security
assessments, Vendor technology risk reviews, Cloud hosting technologies and
understanding of associated security management controls & Compliance
essentials.
 Experience in working with various technologies.
 Experience working in highly regulated environments.
 Strong technical, analytical, and interpersonal skills.
 Superior attention to detail with excellent written and verbal communication
skills.
 Shall have capability and passion to do research and look for innovation
opportunities