IT Risk and Compliance Officer

job summary

The purpose of the position is to manage, support, and coordinate all information security activities and programs for the branch. He / she shall be primarily responsible for ensuring compliance to various instructions issued by the RBI on information / cyber security via process re-engineering and documentation. The purpose of this position to manage, support and coordinate all Information Security activities, programs and initiatives of the Bank.

Work Responsibilities – Manager / Senior Manager (I.T. Cyber Security)

• Information Security Governance
• Responsible for maintaining and periodically updating Information Security Policies in alignment with organizational, regulatory, and RBI guidelines.
• Monitoring and ensuring compliance with statutory and regulatory frameworks, including RBI, NPCI, and CERT-In directives.
• Security Awareness and Training
• Designing and conducting the Information Security Training and Awareness Program for all staff.
• Ensuring security awareness through multiple communication channels such as e-learning modules, mailers, and awareness sessions.
• Risk, Continuity, and Vendor Management
• Active participation in the development, implementation, and maintenance of Business Continuity Plans (BCP), Disaster Recovery (DR) plans, and Vendor Risk Assessment policies.
• Periodically testing and reviewing DR drills, ensuring alignment with RBI's Cyber Security Framework.
• Information Security and IT Risk Management
• Developing, implementing, and monitoring a comprehensive enterprise-wide Information Security and IT Risk Management program.
• Overseeing security controls, vulnerability management, and threat mitigation strategies.
• Technical Oversight and Problem Management
• Hands-on experience in Incident Management, Problem Management, Change Management, and Critical Incident Handling.
• Driving technical troubleshooting, coordinating escalations, managing communication, ensuring timely resolution, and preparing detailed RCA (Root Cause Analysis) reports.
• System and Application Monitoring
• Monitoring daily server logs, applications, and infrastructure health to maintain 99.9% system uptime.
• Ensuring preventive maintenance and prompt resolution of issues affecting business continuity.
• Documentation and Process Management
• Preparing and maintaining detailed IT procedural documentation, user manuals, and operational guidelines.
• Maintaining updated documentation for IT Security compliance and audit readiness.
• Audit and Compliance Coordination
• Coordinating and tracking all IT and Security-related audits (RBI, NPCI, IS Audit, VAPT, and internal / external audits).
• Ensuring timely closure of audit observations and submission of compliance reports to regulatory authorities.
• Data Classification and Protection
• Conducting Data Classification Assessments and enforcing data protection controls in line with regulatory norms.
• Security Responsibilities
• Ensuring compliance with RBI's Cyber Security Framework and IT Governance requirements.
• Overseeing cyber incident detection, response, and timely reporting to RBI and CERT-In.
• Coordinating quarterly Cyber Security Posture Assessments and follow-up of mitigation actions.
• Supervising vendor risk management, access control, endpoint protection, and network segmentation.
• Preparing and submitting quarterly cyber security compliance reports, and participating in RBI's IT / Cyber Security examinations.
• Data Privacy
• Implementing Data privacy frameworks for collection, processing, storage, and sharing of personal data.
• Ensuring lawful processing of personal data and obtaining consent in accordance with regulatory requirements.
• Monitoring data retention and deletion policies to prevent unauthorized retention of personal data.
• Conducting Privacy Impact Assessments (PIA) for new systems or applications handling personal data.
• Ensuring timely reporting and response in case of personal data breach incidents, as per DPDP notification requirements.
• Leading staff sensitization programs on data privacy principles, lawful use, and user rights under the DPDP Act.
• Maintaining and reviewing Data Protection Policy, Consent Management Mechanism, and Data Subject Rights procedures.
• Overall IT Governance and Reporting
• Supporting IT leadership in the evaluation and adoption of emerging technologies while balancing security and operational efficiency.
• Clearly articulating pros and cons of technical solutions and documenting use cases, solution architectures, and recommendations for management review.

desired skills