Talent.com
Security Controls Assessor

Security Controls Assessor

IDFC FIRST Bankmumbai, maharashtra, in
2 days ago
Job description

Job Title : Security Controls Assessor

Experience : 7–8 Years (Relevant : 3-4 years) | Industry : Banking / Financial Services | Location : [Airoli – Navi Mumbai]

Reports To : Information Security Manager

Role Overview :

The Security Controls Assessor – Data Protection / DLP will be responsible for ensuring effective design, implementation, and monitoring of data security and protection controls across the bank’s environment. The role involves end-to-end ownership of DLP operations, incident management, and governance , ensuring compliance with regulatory standards and internal security policies. The position requires close coordination with internal teams and external vendors to ensure robust protection of sensitive data.

Key Responsibilities :

  • Ensure data classification and protection technologies are aligned with business, compliance, and regulatory requirements.
  • Own the incident management process and operational aspects of DLP, ensuring timely triage, investigation, escalation, and closure.
  • Work closely with vendor teams to monitor, track, and resolve incidents through to closure.
  • Translate business data protection requirements into effective DLP rules, policies, and workflows to prevent data leakage.
  • Provide expert guidance on DLP rule creation, fine-tuning, and integration with enterprise and third-party systems.
  • Drive integration of DLP with third-party tools and security platforms such as SIEM, SOAR, CASB, and Endpoint Protection solutions.
  • Own and manage the data leakage incident monitoring program , ensuring accurate reporting and timely remediation.
  • Conduct technology risk assessments of IT systems, applications, and data workflows, identifying and mitigating security gaps.
  • Liaise with ISG, SOC, IT Security, and Infrastructure teams for risk mitigation, configuration validation, and incident resolution.
  • Collaborate with Business and InfoSec teams to align data protection measures with business workflows and compliance mandates.
  • Provide support during regulatory audits (RBI, ISO 27001, GDPR, etc.) by maintaining relevant documentation and audit trails.
  • Develop and maintain secure configuration documents and data protection governance frameworks .
  • Recommend strategic enhancements to improve data protection posture and DLP operational efficiency.
  • Communicate data security risks, incident status, and remediation progress to stakeholders and leadership.
  • Continuously drive process improvement and maturity enhancement of DLP operations and incident management practices.

Skills & Technical Expertise :

  • Core Competencies : Data Loss Prevention (DLP), Data Protection, Data Classification, Incident Management, Security Risk Assessment, Vendor Coordination
  • Tools & Platforms :
  • Microsoft O365 DLP
  • McAfee / Trellix DLP
  • Netskope (CASB / DLP)
  • Titus / Bolden James (Data Classification)
  • Seclore / other DRM solutions
  • Proxy implementations and operational management
  • SIEM / SOAR tools integration experience preferred
  • Knowledge Areas :
  • DRM, encryption (in transit and at rest), data masking, secure configuration management
  • Data protection frameworks (RBI, ISO 27001, GDPR) and technology governance

    • Experience Requirements :

  • 3–4 years of relevant experience in DLP operations , incident management , and data protection governance , preferably within the Banking or BFSI sector .
  • Hands-on experience with rule configuration, policy fine-tuning , and incident monitoring in enterprise-scale DLP environments.
  • Experience in integrating DLP tools with third-party platforms (e.g., CASB, SIEM, Proxy, Endpoint Security).
  • Proven experience in coordinating with vendors for incident handling, escalation, and closure.

    • Desired (Good to Have) :

  • Practical exposure to Microsoft 365 Security & Compliance Center , Netskope CASB / DLP , and McAfee / Trellix DLP .
  • Understanding of cloud data protection, insider threat management, and data governance .
  • Experience preparing secure configuration documents and performing risk assessments .
  • Relevant certifications such as CompTIA Security+ , CISM , CISA , or Netskope NCCSS .

    • Soft Skills :

  • Strong analytical, investigative, and problem-solving skills.
  • Excellent communication and stakeholder coordination abilities.
  • Ability to manage vendors and cross-functional teams effectively.
  • Attention to detail, ownership mindset, and commitment to process excellence.
  • Ability to work under regulatory and operational pressure while maintaining accuracy and composure.
    • Create a job alert for this search

    Security • mumbai, maharashtra, in