Reporting Structure

Reports to Sr. VP, Systems Audit

Education

B. Tech or MCA or CA

Industry

Information technology / Financial services

Experience

• 10 years of experience in Information Security

• At least 5+ years of experience in Security Incident Response or Security Incident Management

• Must have thorough knowledge and hands-on experience in implementing Regulatory and best practices in Cyber Security Incident Management such as NIST, CERT

• Must have at least 1-2 years of experience in handling cyber Security investigations and Digital Forensics analysis

• Candidate must have an ability to perform independent analysis of reported Cyber Security incidents, carry out root cause analysis and recommend remedial measures

• Knowledge on Big data analytics tools/technologies is a big plus

• Must have practical hands-on experience in Three or more of the following areas: SIEM technologies, Security orchestration tools, Change/configuration management technologies, Cyber Security drill conducting or participation, Network forensics tools

• Knowledge in auditing of Financials systems including banking products and services will be a big plus

• Must have experience in people management & performance evaluation

• Strong interpersonal, Organizational and communication, written and oral communication skills

Responsibility

• Design Cyber Security Incident Management strategy in consultation with stakeholders and in alignment with regulatory requirements and industry best practices

• Support in providing guidance during incident response and analysis phases

• Act as an subject matter expertise to stakeholders in the complete life cycle of Security Incident Management

• Analyzing potential impact of Security incident and communication to stakeholders from risk exposure perspective

• Design Cyber Security drills with varied scenarios and collaborate with stakeholders in conducting drills

• Trend analysis of reported security incident reports

• Prepare management reports on security incidents for top management

• Support in managing Forensics and investigation on need basis

• Ensure consistent, concise and clear incident reports and recommendations

• Stakeholders management of business stakeholders

• Identify and evaluate technology/tools usage to improve the Security Incident Management efficiency

• Trend analytics report on Security incidents and report to management

• Competency development for incident analysts on an ongoing basis

Certifications

• CISA/CISSP

• Big data or Business analytics certifications

• Forensics certified