Role Objective

The incumbent will support in developing and implementing security controls, security standards, security solutions, including the ongoing assessment and tracking of adherence to required security guidelines across the enterprise computing environment, operate security tools, monitor threats and security issues. The Job holder will also support in managing Security projects, organizing resources, and carrying out risk assessment, ensuring that the project deliverables and quality standards are met, as per the established SLAs.

Detailed Roles and Responsibilities

• Working with IT Security Manager to Ensure the IT Security Operations are aligned with Enterprise Security Strategy and objectives
• Deploy IT Security related projects based on best security practices, standards, trends and audit findings. Including intensive researches, POCs, RFIs, RFPs and technical evaluations.
• Ensure that IT Security related projects are managed in accordance with the project management methodology including document templates, identifying project phases, reporting and planning information for successful project delivery.
• IT Security tools operation, administration, monitoring and optimization. Security tools including but limited to Firewalls, WAF, proxies, endpoint security, DLP, CASB, NBA, UEBA, cloud security tools, etc.
• Prioritize security coverage to ensure that strategically important data and mission critical systems receives the highest levels of protection.
• Ensure timely closure of all findings of the penetration tests and vulnerability assessments, and prepare responses to internal /external audits, penetration tests and vulnerability assessments.
• Resolve IT security related weaknesses/gaps in controls identified through various audits and Security Operations Center (SOC) operations.
• Responding to SOC reports to identify trends that might indicate a future risk.
• Enhancing, following up and optimizing all SIEM use cases and SOC related operations.
• Security controls assurance and effectiveness by regular security testing and simulating attacks.
• Contribute towards development of security baselines for all IT infrastructure and Applications, and regular review and updating of all IT Security related SOPs.
• Provide the needed support for security compliance frameworks including central banks, PCI, SWIFT CSP, etc.
• Participate of IT Security policies and procedures. In addition to Information security procedures related to IT in coordination with CISO.
• Research emerging technologies in support of security enhancement and development efforts.
• Review and implement the baseline configuration of various operating system, application software, Database, middleware etc., with the assistance and coordination with respective IT Stake holders. Any deviation to the approved baseline is reported Information Security risk team and obtain the confirmation for exception.
• Ability and availability to support security incidents, investigations and administration tasks on need basis and planned basis and in case of emergency 24 X 7
• Timely / periodic updating the progress in IT Security operations on various KRI and KPI to Information Security and IT Head.
• Analyze and perform risk assessment for all the Change requests raised by various IT teams, and assist Head, IT Security and CISO in decision making.
• Maintain an updated Security architecture and design, to ensure segmentation is adhered strictly in IT Infrastructure.
• Self-update and aligning with IT/security industry trends, new solutions and techniques, as well as emerging threats and regulatory requirements/changes set by QCB and other relevant government bodies, and, suggest adequate changes in the section, including but not limited to staffing of employees, department deliverables etc.

Educational Qualifications, Experience and Skills Required

• Bachelor’s degree in Computer Engineering, Computer Science, Information Systems, Cyber Security or any other related discipline from a recognized university.
• Master’s degree in Information Security Management, Computer engineering, management or any other related discipline from a recognized university.
• 06-10 years of total experience in financial services/banking industry, entailing responsibilities pertaining to the specific area of discipline.
• Significant experience in leading IT security operations of a large enterprise, with geographical spread, preferably BFSI.
• Thorough knowledge of information system security principles, practices, and technologies
• Proficient knowledge of Security Technologies / solutions w.r.t Network Security & Firewalls, PAM, SIEM, DLP, NAC, IPS/IDS Web application firewall, DOS/DDOS Analytics, virtualization security & not limited to.
• Deep understanding and knowledge of OWASP top vulnerabilities/threat and their solution.
• Experience on Network Penetration Testing and Forensic Analysis.
• Working knowledge of Security tools, with extensive knowledge in IT Security
• Knowledge of Cyber Security Standards and Best practice frameworks ISO 27001, PCI-DSS, Swift CSP etc.
• Knowledge of network security different layers. Prevention and detection tools.
• Understanding of ITIL standards and associated change / service management disciplines.
• Proficient Knowledge of Vulnerability Assessment Products covering entire security portfolios of BFSI Sector.
• Knowledge in cloud migration and cloud security
• Advanced level knowledge of IT security compliance

Certifications

• Two or more of these security certificates or equivalent is preferred: CCNA security, CCNP security, CEH, CCSP, security+, CISSP, CISA
• Administration level certification issued by OEMS in Security devices & technologies: