Senior Manager - Vulnerability Management

About Us

SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for seamless payment experience and indulge in rewarding benefits. At SBI Card, the motto 'Make Life Simple' inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone.

SBI Card is proud to be an equal opportunity & inclusive employer and welcome employees without any discrimination on the grounds of race, colour, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally with dignity and respect which makes it a promising place to work.

Join us to shape the future of digital payment in India and unlock your full potential.

What’s in it for YOU

1. SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support mental and physical health of our employees
2. Admirable work deserves to be rewarded. We have a well curated bouquet of rewards and recognition program for the employees
3. Dynamic, Inclusive and Diverse team culture 
4. Gender Neutral Policy
5. Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits
6. Commitment to the overall development of an employee through comprehensive learning & development framework

Role Purpose 

Responsible for implementing and managing Infrastructure vulnerability tools and processes to reduce technical risks due to vulnerabilities, including identifying and evaluating vulnerabilities and supporting remediation activities. This role is also responsible for leveraging expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT landscape across SBIC Card environment.

Role Accountability 

1. Lead the Vulnerability Assessment, Penetration Testing & Patch Management Program in support of the functional & company strategy, goals, and performance objectives
2. Manage development, implementation, and effectiveness of vulnerability management and security testing programs, initiatives, and capabilities
3. Assist with planning, providing input on capabilities and methods used for vulnerability management and security testing, and driving improvements
4. Develop Vulnerability management framework, support compliance and risk management activities, recommending security controls and corrective actions to mitigate vulnerability risks
5. Provide technical expertise for information security policies and standards
6. Conduct vulnerability assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience
7. Perform vulnerability risk profiling and prioritization of vulnerabilities
8. Identify, research, validate, and exploite various different known and unknown security vulnerabilities on server and client side
9. Perform regular status reviews with IT asset owners & senior leadership to ensure compliance with InfoSec policies
10. Coordinate patch management/Remediation activities for all IT assets (workstations, network, server, application, database etc.)
11. Develop and Monitor patch deployment schedules for all Vulnerability assessments and penetration testing on an ongoing basis as well as auditing for completeness
12. Provide communications across the organization, interfacing with senior leadership on vulnerability remediation, driving security hardening best practices, and representing the Vulnerability and Patch Management team
13. Maintain relationship with managed security services vendor leadership to ensure effective implementation and operation of security programs, ongoing support and deployment of competent resources
14. Oversee the development, implementation and maintenance of vendor standard operating procedures/ run book in line with SBI Card policies & standards
15. Provide technical & program management expertise and oversight over vendor teams
16. Monitor vendor SLAs, perform regular review with vendor management and report to SBI Card leadership
17. Ensure process documentation and compliance adherence

Measures of Success 

1. Reduction in security vulnerabilities in SBI Card IT platforms
2. Number of enhancement opportunities identified for the security posture to reduce overall risk to SBI Card
3. Reduction in information leakage and exploitation from vulnerabilities
4. Security metrics / SLA / KPIs are within acceptable threshold
5. Timely updation of Application Security & Vulnerability Management related standards and SOPs and other documents 
6. No adverse observations in Internal / External Audits 
7. Process Adherence as per MOU

Technical Skills / Experience / Certifications

1. Understanding of Vulnerability Management Program including Assessment and Remediation
2. Experience analyzing risk and prioritization of vulnerabilities, validating vulnerability reports and driving remediation.
3. Understanding of the overall threat and vulnerability management process, including metrics to measure performance
4. Working knowledge of compliance frameworks and security management standards (e.g., ISO 27001, NIST CSF. PCI-DSS etc.)
5. Thorough understanding of enterprise security controls, network protocols and operating system (Windows/Linux environments)
6. Strong knowledge in industry standard VAPT tools like Nessus, Rapid7, AWS Inspector and open-source tools

Competencies critical to the role

1. Stakeholder Management
2. Analytical ability
3. Innovation & Problem Solving
4. Market Awareness

Qualification

Bachelor of Engineering in Computer Science / Engineering, Masters in Computer Science

Preferred Industry

BFSI / NBFC /E-commerce/IT & ITES / Telecom