Lead - Information Security/Senior Lead - Information Security
Bajaj Finserv · Pune Division, Maharashtra, India
Bajaj Finserv · Pune Division, Maharashtra, India
**Location Name:** Pune Corporate Office - Mantri **Job Purpose** “This position is open with Bajaj Finance Ltd.” **Duties And Responsibilities** - Developing Security Strategies: Create and implement comprehensive security strategies for all applications within the organization, ensuring alignment with business objectives and compliance requirements. - Risk Assessment and Management: Conduct thorough risk assessments to identify potential security vulnerabilities in applications. Develop and implement risk management strategies to mitigate identified risks effectively. - Security Architecture Design: Design robust security architectures for applications, considering industry best practices and emerging threats. Ensure that security measures are integrated into the application development lifecycle. - DevSecOps: Support DevSecOps process by taking ownership of Security aspects in development lifecycle. - Security Testing and Assessment: Oversee the implementation of security testing processes, including vulnerability assessments, penetration testing, API security, red teaming and code reviews. Analyse test results and provide recommendations for remediation. - Incident Response and Management: Develop incident response plans and procedures for addressing security incidents related to applications. Lead incident response efforts, including containment, investigation, and resolution. - Cyber Fraud Management: Collaborate with Enterprise Fraud Management Team for minimising Cyber Frauds across Consumer and Enterprise Apps. - Cyber Exposure Management: Supporting sustenance operations for discovery threats on Surface Web, Dark Web, Phishing Websites, Malicious Apps and takedown efforts. - Security Awareness and Training: Develop and deliver security awareness programs to educate employees about application security best practices and promote a culture of security throughout the organization. - Security Code Review and SBOM: Engineer and Run the established practices of secure coding practices compliance. Run the operations of secure code reviews and SBOM, along with remediation tracking of the reported issues. - Compliance and Regulatory Alignment: Ensure that application security practices align with relevant industry regulations and compliance requirements. Stay abreast of regulatory changes and update security practices accordingly. - Vendor and Third-Party Risk Management: Evaluate the security posture of third-party applications and vendors to assess potential risks. Develop strategies for managing and mitigating third-party security risks. - Collaboration and Communication: Collaborate with cross-functional teams, including developers, engineers, and business stakeholders, to integrate security into the application development process. Communicate security risks and recommendations effectively to executive leadership. - Continuous Improvement: Stay current with the latest trends, technologies, and threats in application security. Continuously assess and enhance security processes and controls to adapt to evolving threats. **Required Qualifications And Experience** - Engineering / Computer Graduate with 10-15 years of Application / Cyber Security Experience - Experience from BFSI & Fintech Industry with exposure to regulatory requirements. - Experience in Consumer facing app ecosystem - Experience in Managing mid-Size Team - Relevant Security Certifications like CEH, CPENT, PNPT, EJPT, EWPT, OSCP etc. preferred. - Prior experience of Security Testing, OWASP Top 10 and application security - Prior experience of Penetration Testing Web Application, Mobile Applications and API Security testing - Sound in latest application technologies and network attacks execution - Good Written and Verbal Communication with Presentation Skills - Good Team Player and sound in stakeholder management - Threat Modelling, Cloud Security and WAF basics clarity - DevOps / DevSecOps and Source Code security review experience is added boon - Well versed with related tools and techniques of all the above - Security Testing of AI implementation and LLM security attacks would be added boon