Senior Manager - Network and Security Operations Compliance

Information Security II-SUPPORT SERVICES-IT Security

Job Title: Senior Manager / Associate Vice President - Network & Security Operations Compliance

Job Purpose:

Oversee the Audit and Compliance activities for the Network & Security Operations within the Information Technology division of the Bank. This role requires effective collaboration with Internal Auditors, External Auditors, Regulatory Auditors, the Information Security Team, the IT Compliance Team, IT - PMO team and the Project and Support teams of the Network & Security Operations function

Location: Mumbai

Years of experience: 6 to 10 Years

Job Description:

Single Point of Contact (SPOC) for Audit & Compliance activities of the Network & Security Operations Function.

Collaborate with the Project & Support team of the Network & Security Operations function to:

Ensure timely submission of data requirements for various internal, external, and regulatory audits.

Lead discussions with auditors during process and technology walkthroughs.

Review auditee responses for non-conformities raised in various audits.

Maintain up-to-date records of non-conformities raised in audits.

Document the progress of closing non-conformities identified in audits.

Review auditee responses and artefacts for compliance with non-conformities raised in audits.

Ensure timely submission of auditee responses and artefacts to relevant stakeholders.

Maintain up-to-date records of non-conformities, compliance submissions, and supporting artefacts for easy reference.

Provide information to senior management as needed.

Collaborate with the Information Security Team, IT Compliance, and Project/Support Team of the Network & Security Operations function to:

Ensure timely closure of non-conformities raised in Security Assessment activities such as VAPT, Application Security Testing, and Red Team Assessment.

Ensure compliance with PCI DSS requirements.

Ensure timely submission of compliance to regulatory requirements such as Master Directions, Circulars, Advisories, Alerts, and Ad hoc Questionnaires.

Ensure timely submission of regulatory requirements such as Cybersecurity KRIs, OKRs, and RBS Tranche.

Maintain Standard Operating Procedures (SOPs) and ensure their timely update.

Maintain an up-to-date inventory of Applications, Servers, Security, and Network Devices for the function.

Track compliance across various domains, including Inventory Management, Patch Management, Vulnerability Management, Change Management, and Exception Management.

Publish compliance dashboards to senior management on a periodic basis.

Eligibility :

Minimum 7 years of experience as a Cyber Security practitioner with relevant knowledge in Governance, Risk, and Compliance (GRC).

Experience in Information Security domains such as Network Security Management, Perimeter Security Management, Identity & Access Management, Cyber Risk Management, Data Loss Prevention, and Infrastructure Security.

Hands-on experience in managing Cybersecurity solutions, particularly in one or more of the following: Firewalls, Web Application Firewalls (WAFs), Remote Access VPNs, Micro-segmentation, Privileged Access Management, 2FA solutions, Data Loss Prevention, and File Integrity Monitoring.

Experience in assessing and/or implementing security and risk standards, including ISO 27001, NIST CSF, PCI DSS v3.2.1/4.0, and RBI Cybersecurity Framework.

Well-versed in cybersecurity auditing methodologies.

MBA/Graduate with B.E/B.Tech degree or Post Graduate with M.S/M.Tech/M.E.

Preferred cybersecurity certifications: CISA, CISM, CCNA, CCNP, Microsoft Technologies, etc.

Strong team player with excellent presentation, communication, and management skills.

Uphold high standards of ethical behaviour and professionalism.