CS Risk Manager

Job Description

• Infosec risk mgmt.

• & application security 1) Execute the process of compliance to application security standard for scoped in enterprise business applications as per defined periodicity.

• 2) Assist and execute PMO activities publish calendar, engage with stakeholders for tech and procedural controls, ensure timely responses with evidence & validate the same, prepare necessary tracker and management d/board, escalation mechanism, refine the associated KRI & threshold/ranges and convene stakeholder meetings as required.

• 3) Assist with review process of compliance to application security standard for scoped inhouse applications (approx.

• 100) and carry out related PMO activities.

• 4) Evaluate Changes (Q-R type ) from risk assessment perspective and provide advisory 5) Process documentation Third Party IS Risk mgmt, governance & merchant Pci Dss compliance a) Develop and periodic review of information security policies, processes, standards and guidelines.

• Oversee the approval and publication of these documents.

• b) To develop metrics and tracking mechanisms for performance monitoring based on maturity assessment reports.

• c) To facilitate comprehensive analysis of the performance posture of ISG function and conduct periodic internal reviews or audits to ensure that compliance procedures are followed d) Assist in responding to internal and external queries for information to meet RBI and other regulatory compliance requirements e) Assist and execute third party risk management program publish calendar for third party assessment, conduct assessment, release assessment report, engage with stakeholders for risk remediation, tech and procedural controls, ensure timely responses with evidence & validate the same, prepare necessary tracker and management d/board, escalation mechanism, refine the associated KRI & threshold/ranges and convene stakeholder meetings as required.

• f) Coordinate & support relevant stakeholders in the channel fraud incident response and related aspects of compliance, policy and rule mgmt.

• of risk engine.

• g) Manage the merchant PCI DSS compliance desk and defined deliverables, track and report on deliverables.

Skills

• 1. Good written and spoken communication skills.
• 2. Good analytical and problem solving skills
• 3. Dedication to work & goal defined which is in line with department & organization goals and complete the task & goals defined as per timeline.
• 4. Independent
• 5. Communicate effectively the risks highlighted which can be actioned at appropriate levels.
• 6. Should have:
• a)Advanced understanding of Global IT security standards, PCI Standards and relevant legal compliance aspects
• Demonstrated knowledge of information security, software, applications, mobility, web technologies and IT infrastructure
• Broad knowledge of many functional business areas
• d) Understanding of regulatory reporting functions and processes
• e) Strong ability to self-direct work and area of focus, and to establish appropriate timelines and execution.
• f) Excellent written and verbal communication skills
• g) Ability to present technical information to non-technical persons
• h) Relationship management skills and ability to interface confidently with colleagues at all levels
• i) Ability to be adaptable and flexible in responding to deadlines and workflow fluctuations
• 7. Experience required as below
• b. 9 years of experience in managing or conducting Information Security / IT audits
• a. 9 years of experience in IT and Information Security compliance management
• Working knowledge on IT Operations management and Information Security best practices management
• c. Should have preferably worked in a Banking / Regulatory environment

Qualifications1. Bachelors Degree- IT/ computers or MBA-IT with Compliance Certifications like CISA, CISM. 2. Bachelor of Science or Bachelor of Engineering, BCA, MCA 2. Information Security Certifications such as CISA, CISSP, CeH, ISO 27001 etc. 3. A working knowledge of most aspects of information security is essential, as is the ability to apply this knowledge in an open network environment. 4. A working knowledge related to PCI DSS (organisation / merchants / service providers) is required,

Keyskills :
pcidss topmanagement itoperationsmanagement iso27001 risk securitytools customerrelations itstrategy banking compliance externalaudit riskmanagement itsecurity itoperations tatementsofworksow