Assistant Manager - IT Cyber Security Pune

Job Description:

1. IT cyber security Framework (Policy design and implementation)
▪ Develop policies and framework for maintaining cyber security (for network, servers, and applications), basis
knowledge of cyber security and understanding of business domain & associated information risk.
▪ Implementation/ enforcement of cyber security policies, standards, and procedures by working with key
stakeholders to ensure policies support compliance with external requirements.
▪ Design and deploy tools and mechanisms for avoidance/ early identification of phishing related attacks, surprise/
mystery alerts, etc.
2. IT Cyber Security compliance adherence (ISO certification & RBI Master Directions)
▪ Prepare and provide evidence of compliance of various processes & policies with statutory requirements to obtain
certification.
3. Security Audit/Assessments
▪ Engage with consulting partners to conduct various cyber security audits of processes and systems and oversee
various IT security & regulatory audits and CAPA tracking.
▪ Review the observations from security audit and identify action plans to address the highlighted issues in the
systems.
▪ Facilitate and oversee end-to-end vulnerability testing for all applications, create the reports, share status with
audit team, and address issues, if any
▪ Periodically apprise on information security posture of the organization, highlight challenges, risk, and improvement
areas
▪ Provide consultative inputs with respect to audit observations, information security incidents, implementation
guidance, risk assessment, risk treatment and all related activities.
▪ Establishes and regular reporting mechanisms for measuring compliance and performance of Management
projects.
4. Admin and IT security maintenance
▪ Conduct periodic internal audits, vulnerability and penetration testing of networks and critical assets for identifying
threats which need mitigation.
▪ Review, analyze, resolve, and escalate the information security incidents reported in the organization and manage
security exceptions.
▪ Keep all users and stakeholders abreast of the changes made to security policies/ frameworks etc. through
appropriate modes of communication.
▪ Perform threat intelligence w.r.t brand protection and digital abuse.
▪ Perform Data security via DLP.
▪ Perform technology security review on application, infrastructure & cloud security.
▪ Design requirements for security compliance automation tasks & Influence Security Control Automation efforts,
security, and compliance at scale.
▪ Act as a security advocate, supporting business owners’ requests related to security (evaluate policy exception
requests, complete third-party security assessment).

5. Vendor management
▪ Evaluate, select, and manage service vendors to ensure continued delivery of quality services without compromise
on IT security.
▪ Review vendor processes and systems to ensure they are aligned with compliance requirements and set security
standards.
▪ Perform vendor risk assessment on critical IT vendors on a periodic basis.
▪ Deliver IT cyber security training and awareness initiatives for vendors.