Security Risk Assessor

Job Title : Security Controls Assessor

Experience : 7–8 Years (Relevant : 3-4 years) | Industry : Banking / Financial Services | Location : [Airoli – Navi Mumbai]

Reports To : Information Security Manager

Role Overview :

The Security Controls Assessor – Data Protection / DLP will be responsible for ensuring effective design, implementation, and monitoring of data security and protection controls across the bank’s environment. The role involves end-to-end ownership of DLP operations, incident management, and governance , ensuring compliance with regulatory standards and internal security policies. The position requires close coordination with internal teams and external vendors to ensure robust protection of sensitive data.

Key Responsibilities :

• Ensure data classification and protection technologies are aligned with business, compliance, and regulatory requirements.
• Own the incident management process and operational aspects of DLP, ensuring timely triage, investigation, escalation, and closure.
• Work closely with vendor teams to monitor, track, and resolve incidents through to closure.
• Translate business data protection requirements into effective DLP rules, policies, and workflows to prevent data leakage.
• Provide expert guidance on DLP rule creation, fine-tuning, and integration with enterprise and third-party systems.
• Drive integration of DLP with third-party tools and security platforms such as SIEM, SOAR, CASB, and Endpoint Protection solutions.
• Own and manage the data leakage incident monitoring program , ensuring accurate reporting and timely remediation.
• Conduct technology risk assessments of IT systems, applications, and data workflows, identifying and mitigating security gaps.
• Liaise with ISG, SOC, IT Security, and Infrastructure teams for risk mitigation, configuration validation, and incident resolution.
• Collaborate with Business and InfoSec teams to align data protection measures with business workflows and compliance mandates.
• Provide support during regulatory audits (RBI, ISO 27001, GDPR, etc.) by maintaining relevant documentation and audit trails.
• Develop and maintain secure configuration documents and data protection governance frameworks .
• Recommend strategic enhancements to improve data protection posture and DLP operational efficiency.
• Communicate data security risks, incident status, and remediation progress to stakeholders and leadership.
• Continuously drive process improvement and maturity enhancement of DLP operations and incident management practices.

Skills & Technical Expertise :

Experience Requirements :

Desired (Good to Have) :

Soft Skills :