Job responsibilities :

IT Risk Management :

- Perform risk assessments to identify, evaluate, and mitigate potential threats and vulnerabilities in IT infrastructure, networks, applications, and data.

- Develop and implement risk treatment plans to reduce identified risks to acceptable levels.

- Continuously monitor risk levels and update the risk management framework to reflect changes in the threat landscape.

SOC Operations Management :

- Oversee Security Operations Center (SOC) to ensure continuous monitoring, detection, and response to security incidents.

- Develop and refine incident response procedures and playbooks to address evolving threats.

- Implement SIEM (Security Information and Event Management) tools and use threat intelligence to proactively identify security anomalies.

- Lead forensic analysis and root cause investigation for security incidents, ensuring rapid containment and mitigation.

- Optimize SOC workflows by implementing automation for threat detection and response using SOAR (Security Orchestration, Automation, and Response).

- Establish and monitor KPIs for SOC performance to ensure operational effectiveness and timely incident resolution.

Cloud Security :

- Develop and implement cloud security strategies aligned with compliance standards such as ISO 27001, PCI DSS, and NIST CSF.

- Conduct security assessments for cloud platforms such as AWS, Azure, and GCP, ensuring best practices in IAM (Identity & Access Management), data encryption, and network security.

- Enforce CASB (Cloud Access Security Broker) solutions to secure SaaS applications and prevent unauthorized access.

- Implement cloud-native security controls such as CSPM (Cloud Security Posture Management) and CWPP (Cloud Workload Protection Platform) to enhance visibility and threat mitigation.

- Collaborate with DevOps teams to integrate security controls in CI/CD pipelines and cloud-native applications.

- Conduct cloud security risk assessments and provide recommendations to mitigate misconfigurations and vulnerabilities.

Compliance Management :

- Ensure compliance with regulations including RBI, NPCI, SEBI guidelines, ISO 27001, PCI DSS, and other security standards.

- Conduct regular compliance assessments to evaluate adherence to internal and external requirements.

- Update policies based on regulatory changes, educate employees, and ensure consistent adherence across departments.

Governance :

- Establish and update cybersecurity policies in alignment with RBI guidelines, ISO 27001, NIST, and PCI DSS standards.

- Implement governance frameworks to manage risks and strengthen information security strategies.

- Monitor cybersecurity programs and recommend improvements to enhance compliance and security posture.

Security Awareness :

- Design and implement awareness programs to educate employees on security policies and best practices.

- Conduct training sessions, workshops, and phishing simulations to promote a security-conscious culture.

- Measure the effectiveness of awareness initiatives through feedback, testing, and incident analysis.

KPI Reporting :

- Define and track key performance indicators (KPIs) for governance, risk management, compliance, and security awareness.

- Analyse cybersecurity metrics and generate reports for senior management to aid decision-making.

- Use KPI data to drive continuous improvements in the cybersecurity program.

What are we looking for :

- Comprehensive knowledge of RBI & NPCI guidelines, ISO 27001, NIST, PCI DSS, and other security standards.

- Expertise in governance, risk, compliance (GRC), SOC operations, and cloud security.

- Proficiency in SOC operations, SIEM tools, incident response, threat intelligence, and forensic analysis.

- Hands-on experience with cloud security frameworks, DevSecOps, and cloud-native security solutions.

- Ability to proactively identify risks and implement mitigation measures to reduce exposure.

- Foster a security-first culture through training and awareness programs.

- Monitor and improve policies and frameworks to address evolving cybersecurity threats and regulatory changes.

- Strong communication and interpersonal skills to effectively convey security matters to technical and non-technical stakeholders.

- Entrepreneurial skills, ability to observe, innovate, and take ownership of security initiatives.

- Detail-oriented and organized with strong time management skills.

- Influencing skills and the ability to create positive working relationships with team members at all levels.

- A collaborative approach and work with perfection as a group effort to achieve organization goal.

Education Qualification Graduate :

- Good to have certifications CISM, CISSP.

Experience : 10+ years.

Industry : Banking /Fintech.

Location : Bengaluru/Noida.

What do we offer :

- An organization where we strongly believe in one organization, one goal.

- A fun workplace which compels us to challenge ourselves and aim higher.

- A team that strongly believes in collaboration and celebrating success together.

- Benefits that resonate We Care