Reporting Structure

The person would report to Sr.VP, Cyber Security

Education

• University degree in the field of computer science or IT

Qualifications

• Proven work experience as a system security engineer or information security engineer
• Experience in building and maintaining security systems
• Thorough understanding of the latest security principles, techniques, and protocols
• Detailed technical knowledge of database and operating system security
• Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
• Experience with network security and networking technologies and with system, security, and network monitoring tools
• Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols
• Excellent knowledge of application and mobile development languages, database and security best practices related to the same
• Good project management skills and excellent oral and written communication skills
• Problem solving skills and ability to work under pressure

Experience (years)

• A minimum of 12+ years of IT experience with at least 6 years developing and implementing Applications (Client, Web and Mobile) and having knowledge of databases; managing security staff for at least 5 years in technical leadership roles

Industry

• Financial Domain (Banking / NBFC experience is desirable)

Responsibilities

• Engineer, implement and monitor security measures for the protection of computer systems, networks and information
• Identify and define system security requirements
• Design computer security architecture and develop detailed cyber security designs
• Prepare and document standard operating procedures and protocols
• Configure and troubleshoot security infrastructure devices
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
• Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
• Coordinate with the enterprise system and network teams to ensure alignment between security and enterprise architectures
• Coordinate with the enterprise application development teams to ensure alignment between security and enterprise architectures
• Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the organisation's reputation.
• Define application and database related security policies, guidelines, strategy
• Define security guidelines for application development (secure SDLC, Secure coding practises etc.)
• Create Application Security Life Cycle (ASLC) framework which includes developing threat modelling practises into product life cycle
• Define approach and conduct vulnerability assessment and penetration testing
• Work with SoC team to define event correlation rules related to application and database threats and vulnerabilities, ensure all events related to application threats are tracked to closure
• Assist in Incident management and Business Continuity Management
• Risk assessment for new technology procurement /development
• Supporting Vendor Security activities to ensure 3rd‐party software and development meets ReBIT security standards

Certifications (any one)

• CEH: Certified Ethical Hacker
• CCNP Security: Cisco Certified Network Professional Security
• GSEC / GCIH / GCIA: GIAC Security Certifications
• CISSP: Certified Information Systems Security Professional