AVP, Specialist, Project & Reg Architect + ATM Security, Technology and Operations

Business Function

Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

Job Summary:

We are seeking a highly skilled and experienced Security Architect to design, build, and maintain bank's and Vendor security architecture. This role will be responsible for evaluating and improving Bank/Vendor security posture, ensuring that systems, data, applications, and networks are secure and compliant with industry standards, regulations, and best practices and maintaining the ATM Logical security.

Key Responsibilities:

Security Architecture Design:

• Design and implement robust security architectures for cloud, on-premises, and hybrid environments.
• Define security requirements and collaborate with teams to ensure secure system design, privacy principles, and integration.
• Incorporate Zero Trust Architecture, API security, and emerging technologies into design strategies.

Risk Management & Compliance:

• Conduct risk assessments and recommend mitigation strategies.
• Ensure compliance with relevant regulatory frameworks (e.g., ISO 27001, NIST, PCI-DSS).
• Support audits and respond to security-related inquiries, regulatory compliance (e.g. DPSC, RBI Cybersecurity Framework, SEBI CSCRF, IT outsourcing guidelines digital lending norms).

ATM Logical Security:

• Ensure Logical controls on all the bank ATM terminals is inline to bank standard.
• Perform periodic ATM security assessment covering Vulnerability management, Host level security etc.
• Perform periodic Governance of the ATM logical security controls.

Collaboration & Guidance:

• Serve as a security advisor to business units, IT, Business partners, Vendors and Application teams.
• Lead threat modeling exercises and provide security reviews for new systems, Projects or services.

Regulatory Reporting;

• Ensure timely and accurate submission of periodic and ad-hoc returns, statements, and reports of regulatory submissions like Quarterly Cyber KRI, Tranche I, Tranche II, Tranche III etc.
• Maintain records of all regulatory submissions, approvals, and correspondences with RBI.

Training & Awareness:

• Conduct training sessions and awareness programs on RBI regulations and compliance best practices.
• Promote a culture of regulatory compliance and ethical conduct across the organization.

Monitoring & Response:

• Collaborate with Security Operations to develop and improve monitoring and incident response capabilities.
• Assist in the investigation of security breaches and help with the root cause analysis.

Security Tools & Technologies:

• Manage security solutions such as SIEM, EDR, WAF, IAM etc.
• Stay up-to-date on the latest cybersecurity trends, technologies, and threat landscapes.

Education & Experience:

• Bachelors degree in Computer Science, Cybersecurity, Information Technology, or related field (Masters preferred).
• 10+ years of progressive experience in cybersecurity roles, including at least 5 years in a security architecture or engineering position.
• Certifications (preferred but not required): CISSP, CISM, CISA, AWS/Azure/GCP Certified Security Specialty, or similar.

Skills & Competencies:

• Deep understanding of security principles, architectures, and technologies.
• Strong knowledge of cloud platforms (e.g., AWS, Azure, GCP) and cloud security frameworks.
• Familiarity with microservices security, and container security (e.g., Docker, Kubernetes).
• Strong analytical and problem-solving skills.
• Excellent communication skills and ability to work cross-functionally.
• Proven ability to conduct security assessments and interpret security reports.
• Strong analytical, problem-solving, and communication skills to effectively engage with internal and external stakeholders.