Senior Manager - Security Audit and Controls

Senior Manager - Security Audit and Controls

About the company

SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for seamless payment experience and indulge in rewarding benefits. At SBI Card, the motto 'Make Life Simple' inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone.

SBI Card is proud to be an equal opportunity & inclusive employer and welcome employees without any discrimination on the grounds of race, colour, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally with dignity and respect which makes it a promising place to work.

Join us to shape the future of digital payment in India and unlock your full potential.

What’s in it for YOU

1. SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support mental and physical health of our employees
2. Admirable work deserves to be rewarded. We have a well curated bouquet of rewards and recognition program for the employees
3. Dynamic, Inclusive and Diverse team culture 
4. Gender Neutral Policy
5. Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits
6. Commitment to the overall development of an employee through comprehensive learning & development framework

Role Purpose

The role is responsible for successful implementation of security audits, governance controls and risk management along with ensuring compliance with the function and in alignment with the organization's vision and objectives.

Role Accountability 

1. Define and maintain IT Controls framework and monitoring adherence to the same
2. Drive control adherence around logical access management to IT applications
3. Collaborate with Infosec and IT team to support and drive information security initiatives such as CASB, DAM, EDR, SIEM Integration, SCD etc.
4. End to end coordination with Infosec and IT teams in driving timely remediation to vulnerabilities in applications and ensuring we are compliant
5. Support Infosec to drive timely closure of application assessments such grey box, black box, source code review and remediate vulnerabilities if any.
6. Develop, initiate, maintain, and revise policies and procedures for the general operation of the IT Compliance Program and its related activities to prevent illegal, unethical, or improper conduct
7. Interact and co-ordinate to ensure ISO 27001 and other compliance requirements are fulfilled.
8. Collaborate with relevant teams such Internal audit team, Infosec team and IT in driving information systems audit from timely closure, evidence submission, front-ending and remediation perspective
9. Drive implementation of relevant controls to support PCI-DSS certification and annual renewals from IT end
10. Ensure continuous improvement of internal control framework including the integration of multiple compliance requirements
11. Establish, monitor, and report on relevant performance metrics and applicable IT compliance metrics
12. Work with Information security team and risk management functions as well as various technology teams and business partners in the design and implementation of IT risk assessment practices
13. Develop and ensure compliance to corporate software governance policies and procedures
14. Provide recommendations on overall operations of software governance processes including software and technology reviews, data quality reviews
15. Design and implement methods of staying abreast of RBI regulations pertaining to Information Technology, analyzing exposure to SBI card and proactively highlight the implementation gaps on an ongoing basis
16. Plan and drive control framework to sustain and improve  IT networks, WAF, Proxy
17. Support Infosec in Firewall and network Controls review and close the open points
18. Drive the implementation of security baseline for all the applicable technology infrastructure as per industry standard
19. Ensure adherence to regular process documentation practices in compliance with the process guidelines

Measures of Success 

1. Timely closure of security initiatives, projects
2. Adherence to Application vulnerability assessment calendar and timely remediation
3. Adherence to IT Compliance metrics
4. Timely audit Observations on Logical Access Management/Incident management
5. Timely closure actionable from internal SBIC critical forums and external regulatory bodies 
6. Timely closure of Information Security audit and quantum of observations
7. Timely and accurate updation of process documentation
8. Process Adherence as per MOU

Technical Skills / Experience / Certifications

1. ITIL , Scrum Master, CPISI Certifications
2. Fair understanding on Agile Principles, Visio, Understanding Workflows, Program/Project management skills
3. Fair Understanding on IT technical aspects (Network, Infra, DB -Oracle, SQL, main frames.)
4. Good Technical and functional domain knowledge to front-end audits
5. Good understanding of data privacy requirements
6. Good knowledge in PCIDSS and security requirements for Banking Sectors
7. Technical and functional domain knowledge to front-end audits
8. CISA, CISM, CEH or CISSP Certified preferrable

Competencies critical to the role

1. Stakeholder Management
2. Analytical Ability
3. Problem solving skills
4. Detail Orientation
5. Verbal and written communication

Qualification 

Bachelors or Master’s degree in computer science, networking, IT infrastructure, information security or related fields

Preferred Industry

NBFC / BFSI Industry / IT Infrastructure

Experience Level

Senior Level