
Deputy Vice President - Security Governance & Compliance

SBI Card

Office

Gurugram, India

Full Time

About the company

SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for a seamless payment experience and rewarding benefits. At SBI Card, the motto 'Make Life Simple' inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone.

SBI Card is proud to be an equal opportunity and inclusive employer and welcomes employees without any discrimination on the grounds of race, color, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally with dignity and respect, which makes it a promising place to work.

Join us to shape the future of digital payment in India and unlock your full potential.

What’s in it for YOU

  1. SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support mental and physical health of our employees.
  2. Admirable work deserves to be rewarded. We have a well curated bouquet of rewards and recognition program for the employees.
  3. Dynamic, inclusive and diverse team culture
  4. Gender Neutral Policy
  5. Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits
  6. Commitment to the overall development of an employee through comprehensive learning & development framework

Role Purpose 

The Security Governance & Compliance Lead will work to deliver the objectives within SBI Card's security strategy and further enhance the information security program that identifies and addresses security governance and compliance requirements. The person will be responsible for managing the process of gathering, analysing and assessing current and future information security governance and compliance trends, as well as maintaining and monitoring information security best practices as they evolve.

Role Accountability

Policies, Procedures and Standards:

  1. Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business in line with the GRC roadmap
  2. Act as security risk management ambassador to internal customers.
  3. Establish and maintain security metrics and reporting.
  4. Ensure implementation and compliance of requirements derived from various legal and regulatory frameworks. 
  5. Support responses to customer security/compliance questionnaires.
  6. Work with various operational and business teams to drive toward a cohesive view of security risk and drive remediation items to closure. Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders.
  7. Monitor the security risk profiles of our suppliers to objectively determine high risk suppliers that require additional review.
  8. Work with business and technical team members, third party vendors and auditors to ensure adherence to various compliance standards.
  9. Ensure timely closure of action points, observations from various audits / assessments etc.
  10. Participate in planning, scheduling and preliminary analysis for all internal and external audits such as ISO 27001, PCI DSS etc.

Information Security Performance Management:

  1. Ensure metrics to evaluate the information security programs are tracked and reported.
  2. Implement recommendations provided for areas needing improvement.
  3. Drive closure of observations from various audits / assessments in a timely manner
  4. Monitor compliance of Information and cyber security policy/standards, applicable laws, regulations, and standards including ISO 27001, PCI-DSS etc. 
  5. Recommend improvements in processes and control procedures, in the effectiveness and efficiency of control mechanisms, and in methods of risk reduction to comply with various standards.
  6. Conduct compliance assessments, provide advice and guidance on the applications/technology and operations for various compliance requirements.

Information Security Awareness/Trainings:

  1. Actively participate in performing Information Security Awareness trainings and keeping track of compliance
  2. Support evaluation of the effectiveness of awareness and training programs and make recommendations for improvement.
  3. Conduct knowledge transfer training sessions for the security operations team upon technology implementation.

Project/Work Planning:

  1. Provide project management support for information risk management projects.
  2. Ensure timely and quality delivery of projects while adhering to project budgets.
  3. Liaise with IT teams to ensure security is engaged in all projects.

Measures of Success 

  1. Periodically update Information Security and other related policies and procedures to align them with industry best practices and regulatory requirements
  2. Successfully maintain all Information Security related compliances and certifications, i.e. ISO 27001, PCI-DSS, NIST etc.
  3. Conduct periodic Information Security Risk assessments
  4. Increase in maturity of Information Security Matrix
  5. Support audits and assessments conducted by both Internal stakeholders (Internal Audit, Compliance, Risk etc.) and external auditors (Regulator)
  6. No major observations or findings in audits
  7. Increased Information Security awareness within the enterprise

Technical Skills / Experience / Certifications 

  1. One or more Industry standard certifications such as CISSP, CISM, CISA
  2. Demonstrable understanding within Cyber Security, Data Security & Information technology areas
  3. Functional knowledge of ISMS domains and information security industry standard and best practices
  4. Prior experience in managing Information Security & Risk Management Programs in a complex/Large environment.
  5. Excellent communication skills and the ability to mentor and to effectively communicate information/cyber risks to management/CXOs.
  6. Sound knowledge of industry best practices and popular frameworks like ISO 27001:2013, COBIT, NIST and standards/regulations like PCI-DSS, RBI
  7. Extensive knowledge of information security management systems
  8. Good documentation skills; experience conducting internal assessments of IT policies, standards and process compliance against IT audit standards
  9. Strong business, process & financial acumen

Competencies critical to the role

  1. Demonstrated leadership skills in achieving stated objectives, coordinating with a diverse set of stakeholders and managing multiple audits and assessments at once.
  2. Demonstrate ability to continuously coordinate with multiple parties and supervisors while maintaining independence.
  3. Demonstrated communication skills to address different audiences, from auditees belonging to different functions to regulators, external auditors etc.
  4. Demonstrated self-starter with the ability to gain required knowledge in dynamic environments and remain up to date.
  5. Experience in technical training and in conducting awareness sessions.
  6. Experience in dealing successfully with different business and external stakeholders. 
  7. Good Analytical, problem solving and inter-personal skills.

Qualification 

Bachelor’s Degree in any relevant stream

Preferred Industry

BFSI, NBFC, ITES, Telecom

August 28, 2025
