Key Responsibilities:
· Maintain a thorough understanding of the bank's environment and ensure compliance with information security policies, directives, and regulatory requirements internally and externally. Stay updated on evolving best practices in cyber security risk management.
· Possess a comprehensive understanding and practical proficiency in the Secure Software Development Life Cycle.
· Evaluate the security architecture and design of business applications and related databases.
· Conduct timely risk assessments of applications to identify information security vulnerabilities prior to their deployment.
· Develop and oversee the application security program, providing recommendations for secure application architecture.
· Supervise and conduct due diligence and security baselining for newly introduced applications.
· Perform assessments of application security controls, vulnerability testing, and penetration testing.
· Ensure effective coordination, planning, and response to internal and external audits, as well as regulatory requirements, resolving audit findings promptly.
· Possess practical experience in conducting web and mobile application penetration testing according to the OWASP Top 10 and CWE/SANS Top 25 standards, using Black-Box, Grey-Box, and White-Box methodologies.
· Conduct security assessments, code reviews, vulnerability scans, and penetration tests to identify vulnerabilities, weaknesses, and risks in web applications, APIs, and software components.
· Collaborate with development teams to address identified vulnerabilities, implement secure coding practices, and establish guidelines to safeguard application confidentiality, integrity, and availability.
· Stay updated on security trends, technologies, and best practices, integrating security controls into the software development lifecycle.
· Undertake assigned ad-hoc projects from the line manager.
Requirements:
· Possess a minimum of two to three years of experience in application security.
· Bachelor’s degree in Computer Science/IT/B.Tech/B.E. or related fields.
· Sound knowledge of ISO 27001, PCI DSS, SWIFT CSF, NIST or related standards and frameworks.
· Professional certifications such as CASE/CASS/CSSLP/CEH, etc., will be preferred.
· Demonstrate an understanding of information security and risk management concepts.
· Must have experience in Kubernetes (GKE, kubectl, Helm) and containers (Docker).
· Appreciate the value of diversity in the workplace and actively contribute to fostering an inclusive culture that enables individuals to realize their full potential and bring their authentic selves to work.
· Work independently, prioritize multiple tasks, and adapt to changes as required.
· Maintain composure and perform well in high-pressure and challenging situations.