• Develop and maintain Information Security Program and Policies to provide an efficient, effective and up-to-date risk management environment in support of corporate goals
• Ensure that information security is adequately addressed in the development stage of any new business line technology
• Enforce implementation of IT Security Policies and Procedures relating to all Application systems
• Support the risk management process by analyzing threats to the computing environment
• Analyze threats to the Application Systems Operating Environment
• Communicate security incidents to stakeholders (CSIRT) and management
• Establish and implement a formal process of change control and configuration management for adding, modifying, replacing, or removing critical cyber assets
• Liaise with the development team and ensure that proper security is designed into the applications
• Review user access rights to ensure that policies and procedures for granting, changing & deleting access are being followed and that user privileges are commensurate with the job roles & responsibilities
• Enforce logical and physical security measures over Operating Systems, Databases and related hardware systems
• Ensure that user privileges at the respective Operating System level and Databases are based on a “need to know / need to do” basis
• Ensure that respective IT communication resources are protected from unauthorized access
• Review audit trails / other system logs to monitor any possible Application specific security breaches
• Ensure that procedures are in place to investigate, resolve and report on security incidents and initiate protective and corrective measures if a security problem is discovered
• Review to ensure that physical and logical security procedures related to desktop security are being followed