National Lead - Information Security

Location Name: Pune Corporate Office - Mantri

Job Purpose

“This position is open with Bajaj Finance Ltd.”

Duties And Responsibilities

•  Developing Security Strategies: Create and implement comprehensive security strategies for all applications within the organization, ensuring alignment with business objectives and compliance requirements.
•  Risk Assessment and Management: Conduct thorough risk assessments to identify potential security vulnerabilities in applications. Develop and implement risk management strategies to mitigate identified risks effectively.
•  Security Architecture Design: Design robust security architectures for applications, considering industry best practices and emerging threats. Ensure that security measures are integrated into the application development lifecycle.
•  DevSecOps: Support DevSecOps process by taking ownership of Security aspects in development lifecycle.
•  Security Testing and Assessment: Oversee the implementation of security testing processes, including vulnerability assessments, penetration testing, API security, red teaming and code reviews. Analyse test results and provide recommendations for remediation.
•  Incident Response and Management: Develop incident response plans and procedures for addressing security incidents related to applications. Lead incident response efforts, including containment, investigation, and resolution.
•  Cyber Fraud Management: Collaborate with Enterprise Fraud Management Team for minimising Cyber Frauds across Consumer and Enterprise Apps.
•  Cyber Exposure Management: Supporting sustenance operations for discovery threats on Surface Web, Dark Web, Phishing Websites, Malicious Apps and takedown efforts.
•  Security Awareness and Training: Develop and deliver security awareness programs to educate employees about application security best practices and promote a culture of security throughout the organization.
•  Security Code Review and SBOM: Engineer and Run the established practices of secure coding practices compliance. Run the operations of secure code reviews and SBOM, along with remediation tracking of the reported issues.
•  Compliance and Regulatory Alignment: Ensure that application security practices align with relevant industry regulations and compliance requirements. Stay abreast of regulatory changes and update security practices accordingly.
•  Vendor and Third-Party Risk Management: Evaluate the security posture of third-party applications and vendors to assess potential risks. Develop strategies for managing and mitigating third-party security risks.
•  Collaboration and Communication: Collaborate with cross-functional teams, including developers, engineers, and business stakeholders, to integrate security into the application development process. Communicate security risks and recommendations effectively to executive leadership.
•  Continuous Improvement: Stay current with the latest trends, technologies, and threats in application security. Continuously assess and enhance security processes and controls to adapt to evolving threats.
  
  
  

•  Engineering / Computer Graduate with 10-15 years of Application / Cyber Security Experience
•  Experience from BFSI & Fintech Industry with exposure to regulatory requirements.
•  Experience in Consumer facing app ecosystem
•  Experience in Managing mid-Size Team
•  Relevant Security Certifications like CEH, CPENT, PNPT, EJPT, EWPT, OSCP etc. preferred.
•  Prior experience of Security Testing, OWASP Top 10 and application security
•  Prior experience of Penetration Testing Web Application, Mobile Applications and API Security testing
•  Sound in latest application technologies and network attacks execution
•  Good Written and Verbal Communication with Presentation Skills
•  Good Team Player and sound in stakeholder management
•  Threat Modelling, Cloud Security and WAF basics clarity
•  DevOps / DevSecOps and Source Code security review experience is added boon
•  Well versed with related tools and techniques of all the above
•  Security Testing of AI implementation and LLM security attacks would be added boon