This position is to perform the role of information security risk analysis and risk management in the Bank. The Risk management should cover- Risks analysis, risk assessment for various projects and existing solutions. It includes below:
- Follow a risk assessment process that is consistent across all risks and the organisation to identify and evaluate key risks.
- Implement policies, standards and procedures to ensure that all identified risks are managed within the organisation’s risk appetite.
- Regularly monitor the risk management processes and the corrective actions.
- Regularly present risk reports to the key stakeholders, and invite feedback into the risk processes.
- Communicate appropriate risk information to the organisation’s stakeholders.
- Maintain and track all the risk jobs for reporting and records
List the expected end results that must be achieved in order to fulfil the job purpose and the activities that help in achieving these results.
|EXPECTED END RESULTS||MAJOR ACTIVITIES|
|Risk management||a) Centrally execute and track a consistent information security risk assessment process to identify, evaluate and mitigate project related information security risks at an organisation level pertaining to both process and technology.
b) Engage with business and IT teams to report project related information security risks.
c) Process documentation.
d) Manage security assessment team resources and facilitate coordination with business /IT teams as per standard process.
|Vendor Information Risk Management||a) Assist with multi-tier vendor risk assessments and tracking findings, corrective and preventive action plans to logical closure.
b) Process documentation.
|Exception management||a) Oversee and manage the requests for exceptions to laid down policy, procedure and guidelines with reference to
· Internet access
· Remote/external access
· System acquisition, development/integration, maintenance
b) Collate and present exceptions outside the areas mentioned above via RAF to ISRMC for approval and track the same via a central risk dashboard.
c) Process documentation.
Scale – 200 yearly
|Governance||a)Reviewing and incorporating information security into the critical organisational processes
b)Half yearly review of information security policies , processes , standards and guidelines
c)performance monitoring in the form of metrics , senior management dashboard , timely escalations of non compliance
d) Assist with review of Risk register and risk acceptance forms for acceptable level of risk.
e) Keeping track of various Infosec/cyber fraud committee minutes and follow ups for compliance
f) Developing enterprise security effectiveness criteria including IT security tools on end points , servers , network etc implementation
|Digital VAPT||a) Preparation & review of the digital calendar to ensure that all critical applications have undergone testing cycle
b)Periodic updates to CISO & other reporting on progress of the Digital VAPT calendar with open/overdue observations
c)Follow-up and ensuring closure of the open/overdue points based on agreed timelines with business stakeholders
|Netbanking/Mobile banking changes/enhancements||a) Risk assessment for change in the rules in the net/mobile banking, rule pertaining to cooling period for functionality introductions, enhancements pertaining to addition of functionality on netbanking/mobile banking to be performed
b)Inputs to be provided based on risk assessment & ensure necessary testing is performed for the same
Description of the Relationships and Roles:
Working relationships held by the role (Internal and External)
· Department: Across all departments – Retail, WBO & Support (legal, IT, Admin etc)
· Upwards: Interactions with supervisors and senior management for exceptions, reviews and other assessments
· Sideways:Across various departments in retail, WBO & support
· Downwards: All levels, across departments in retail, WBO & support.
· Third party vendors who propose new solutions to bank/existing Bank vendors
|Weekends||5 Days a Week|
|Working Hours||Banking Hours|