We’re Hiring : IT – Risk Manager | Mumbai
Location : Mumbai
Working Days : 5 Days
Experience : 4+ Years
Industry : Banking
Certifications
CEH – Mandatory
Security+, CISM, CISA, OSCP – Good to Have
Are you passionate about cybersecurity, risk management, and building secure digital ecosystems? We are looking for an experienced IT – Risk Manager to join our growing team and help strengthen our security posture across applications, infrastructure, and operations.
Key Responsibilities
1. Vulnerability Management & Testing
Perform VAPT for web / mobile applications, APIs, and infrastructure.
Collaborate with penetration testers and ensure vulnerability closure within SLAs.
Conduct configuration reviews for firewalls, servers, and endpoints.
Recommend remediation actions and validate fixes.
Maintain reports in line with RBI, PCI DSS, and internal compliance requirements.
2. Change Management & Secure Configuration Review
Participate in change management processes with a strong security lens.
Assess risks associated with deployment models and configurations.
Maintain documentation across SDLC and change workflows.
3. Application & API Security Lifecycle
Define and implement security frameworks for applications & APIs.
Perform end-to-end API security testing aligned with OWASP API Top 10.
4. Threat Identification & Risk Assessment
Conduct threat modelling and vulnerability scans regularly.
Keep track of zero-day vulnerabilities and evolving threats.
Work with security teams to strengthen detection and prevention strategies.
5. Security Incident Response
Investigate and respond to incidents promptly.
Maintain and execute Incident Response Plans (IRPs).
Lead post-incident analysis and continuous improvement initiatives.
6. Governance, Compliance & Documentation
Ensure compliance with RBI cybersecurity guidelines and ISO 27001.
Maintain logs, audit trails, and documentation of vulnerabilities and incidents.
Support audits and regulatory reviews.
Develop security frameworks for firewalls, servers, endpoints, applications, and APIs.
7. Advisory & Collaboration
Work closely with Dev, DevOps, and IT Infra teams to embed security.
Recommend improvements in hardening and secure coding.
Assist in designing secure architectures.
8. Continuous Learning & Knowledge Management
Stay updated on the latest cybersecurity trends and regulations.
Participate in training, webinars, and security communities.
Recommend new tools and frameworks for enhanced security.
Required Skills
Hands-on experience with VAPT tools : Burp Suite, OWASP ZAP, Nessus, Nmap, Postman.
Strong understanding of OWASP Top 10, API Security & secure coding.
Experience in configuration reviews (firewalls, servers, endpoints, API gateways).
Familiarity with DevSecOps & CI / CD security integrations.
Knowledge of OAuth 2.0, JWT, API keys, rate limiting, etc.
Experience with incident response tools like Splunk, CrowdStrike.
Information Technology Manager • Mumbai, Maharashtra, India