Roles & Responsibilities
Managing the risk assessment, remediation and monitoring of technology risks
Ensure technical risk identification, assessment, quantification, tracking, reporting, communication, mitigation and monitoring
Manage the day-to-day activities of threat and vulnerability management including Vulnerability Assessment (VA), Penetration Testing (PT), Application security assessment (Appsec), Firewall/IPS/IDS Rule Base review
Develop, review and update hardening standards and guidelines.
Recommend treatment plans and communicate information about residual risk.
Analyze technical risks and arrive at risk criticality after considering compensating controls
Provide Risk Acceptance recommendations
Discussion with stakeholders for Risk Closure
Revise and develop processes to strengthen the current IT risk framework
Manage outsourced vendors with contracted service-level agreements.
Serve as an internal technical risk consultant to the operating functions and business lines
Build and maintain positive working relationships with various IT and business teams
Responsibility for overall use of project resources, and initiation of corrective action where required.
Responsibility for compliance with standards, including, for example, change control management.
Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.
Must have a minimum of 7-15 years of experience in the IT security industry with a proven ability to lead and deliver multiple projects at one time or a similar delivery management role, including people & vendor management
Proficient working knowledge within the following risk domains/ technologies:
Database and application security
Database/Application/Network Layer Secure Protocols
Physical and Environmental Security
Secure Software/Code Development