SBI SO Salary and Job Profile

Another Opportunity for the aspirants this year as SBI released the vacancies for the Specialist Cadre Officer. SBI released the notification for the recruitment of Developer, Server administrator, Database Administrator, Cloud Administrator, Network Engineer, Tester, UX designer, IT Risk Management and Cybersecurity. Domains of all the vacancies are to robust SBI diversity in the field of Information technologies, risk and fraud management. SBI requires 475+ Specialist officers on a regular basis.

This is a great opportunity for Working Professionals who have experience of a minimum of 2 years to work with India’s largest Public sector Bank. SBI is among the most technologically advanced bank in India so the aspirants who want to work with the brand name of SBI can apply for this post. Selection process/ Examination pattern also different for the post.


SBI SO Salary
SBI notified Grade, Job profile and KRA for each post in its official notification. The grades are further categorized into 4 Grades. Grades are Junior Management Grade Scale- I (JMGS-I), Middle Management Grade Scale-II(MMGS-II), Middle Management Grade Scale-III (MMGS-III), Senior Management Grade Scale IV (SMGS-IV). Developer, System / Server Administrator, IT Security Expert, Database Administrator, Cloud Administrator, Network Engineer, Tester comes under Junior Management Grade Scale likewise many posts in (MMGS-II), (MMGS-III), (SMGS-IV).

Remuneration of each grade is different

Sr No Grade Scale of Pay
1 Junior Management Grade Scale I (JMGS I) 23700-980/7-30560-1145/2-32850-1310/7-42020
2 Middle Management Grade Scale II (MMGS II) 31705-1145/1-32850-1310/10-45950
3 Middle Management Grade Scale III (MMGS III) 42020-1310/5-48570-1460/2-51490
4 Senior Management Grade Scale IV (SMGS-IV) 50030-1460/4-55870-1650/2-59170

All the officials will be also eligible for DA, HRA, CCA, PF, Contributory Pension Fund, LFC, Medical Facility.

SBI SO Job Profile

The job profile of each post is as follows.

Post Sr No Post  Grade Job Profile & KRA in Brief
1 Developer
(JMGS-I)
• Carry out developments

• Identify and evaluate different IT-related potentials in relation to business needs
• Ensure usability and performance of the solution
• Participate in efforts to drive development of the systems area
Develop solutions designed to maximize business value
• Able to rapidly acquire knowledge of a given domain
• Challenge prevailing solutions and assumptions
• Effective in ensuring that deliverables are in conformance with system architecture and standards for development
Contribute actively to realization of the business unit’s mission and vision
• Cope efficiently with multiple assignments and delivers a high standard
• Communicate efficiently and purposefully with internal customers and business partners
• Demonstrate flexibility and adaptability as required by circumstances
• Actively assist in developing others through, e.g. communicating knowledge and participating in professional networks
• Maintain focus on the quality of own work e.g. by taking unit tests
2
Developer
(MMGS-II)
Carry out developments
• Identify and evaluate different IT-related potentials in relation to business needs
• Ensure usability and performance of the solution
• Participate in efforts to drive development of the systems area
• Develop solutions designed to maximize business value
• Able to rapidly acquire knowledge of a given domain
• Challenge prevailing solutions and assumptions
• Effective in ensuring that deliverables are in conformance with system architecture and standards for development
• Contribute actively to realization of the business unit’s mission and vision
• Cope efficiently with multiple assignments and delivers a high standard
• Communicate efficiently and purposefully with internal customers and business partners
• Demonstrate flexibility and adaptability as required by circumstances
• Actively assist in developing others through, e.g. communicating knowledge
3
System/Server Administrator
(JMGS-I)
System / server installation, configuration and monitoring.
• Responsible for the installation, support and maintenance of a computer system/server/storage/network.
• Patch updation/upgradation and migration.
• Design new computer systems system and server performance
• Avoiding server downtime through scheduled maintenance, ensuring server security, and assisting staff in connecting to the server.
• System performance monitoring and improvement.
• Optimize processes and lead process improvement
• Manage staff and user credentials and frameworks
• Troubleshoot technical issues
• Create and implement training for staff
• Coordinate and provide support for Firewall and network system installation/configuration
• System/server/network security monitoring and capacity planning.
• Risk mitigation planning
• DC/DR server configuration set-up and maintenance
4
Database Administrator
(JMGS-I)
Software installation, configuration and Maintenance:
• Data Extraction, Transformation, and Loading: Efficiently importing large volumes of data that have been extracted from multiple systems into a data warehouse environment.
• Specialized Data Handling: Managing a very large database (VLDB) may require higher-level skills and additional monitoring and tuning to maintain efficiency.
• Database Backup and Recovery:
• Security: Implementing and monitoring best practices to minimize risks.
• Authentication: Setting up employee access is an important aspect of database security. (control who has access and what type of access they are allowed)
• Capacity Planning
• Performance Monitoring: Monitoring databases for performance issues & making configuration changes to the software or add additional hardware capacity
• Database Tuning: Proactively tune a system based on application and usage instead of waiting until a problem develops.
• Troubleshooting: Quickly understand and respond to problems when they occur.
• DC/DR server configuration set-up, maintenance and capacity planning.
5
Cloud Administrator
(JMGS-I)
Setting, configuration and maintenance of Bank’s Cloud environment.
• Virtual Branch complaint management
• DC/DR set up for cloud platform.
• Set pricing for the catalogue items
• Define and activate provisioning rules
• Define and activate tagging rules
• Define change control parameters for cloud resources
• Customize the user experience: Provisioning rules and UI policies
• Define the schedule for downloading billing data
• Approve change requests associated with modifications to cloud resource
• View pending approvals for cloud resources
• View and analyse summary data on cloud resource deployments
• Monitor requests and key metrics for cloud resources
• Deadlock prevention and detection
• Debugging issues
• Managing and monitoring SQL jobs , data export and import , database replication, encryption , ELB, EBS, S3, CloudFront, Aurora
• Maintaining IIS, Apache, PHP sites, .Net sites, FTP sites, SMTP , Linux servers, backup, restore, multiple VPN
• Optimizing queries, table structure, indexing
• Setup secure environment according to client/project requirements
• Capacity planning
6
Network Engineer
(JMGS-I)
Network devices installation and capacity planning.
• Establish networking environment by designing system configuration; directing system installation; defining, documenting, and enforcing system standards
• Maximize network performance by monitoring performance; troubleshooting network problems and outages; scheduling upgrades; collaborating with network architects on network optimization
• Secure network system by establishing and enforcing policies; defining and monitoring access
• Update job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
• Accomplish information systems and organization mission by completing related results as needed
• Reporting network operational status by gathering, prioritizing information; managing projects
• Skills: Tracking Budget Expenses, Project Management, Problem Solving, LAN Knowledge, Proxy Servers, Networking Knowledge, Network Design and Implementation, Network Troubleshooting,
Network Hardware Configuration, Network Performance Tuning,
7
Tester (JMGS-I)
Define test scripts and cases
• Execution of test scripts/cases
• Ongoing improvements in test scripts and maintenance of reports of test cases.
• White-box, Grey-Box and Black-box testing
• Documenting test results
• Ensure that a detailed test scripts/cases, scenarios and instructions are available prior to the start of testing
• Ensure that issues identified during UAT are logged in the Test Log
• Ensure testing takes place within agreed timeframes
• Understanding of business requirements and functional specification documents
• Assistance in defect classification and Reporting
• Provision of data required for preparation of status reports
• Good understanding of Automation Test Tool
• Updation of daily activities in Daily Status Report at the end of day
8
WAS Administrator
(MMGS-II)
WAS installation, configuration and maintenance
• Supporting large scale WAS infrastructures with multiple middle ware products
• Setting up, configuring and troubleshooting WAS & IHS in AIX
• Setting up SSL configuration, Load balancer
Setting up J2EE, IHS Web Server, WebSphere Application Server, SSL, SOA, Unix Shell, Python and Perl etc.
Setting up IBM MQ servers, Oracle / SQL/ DB2 servers and XML, XSL and WSDL
• Setting up Web and Application Servers, Workflow infrastructure and trouble shooting
• Performance tuning and improvements
• Capacity planning
9
Infrastructure Engineer
(MMGS-II)
Installation/ migration/ Up-gradation of WebLogic on Solaris/LINUX/UNIX
• Sizing, capacity planning, evaluation and procurement of hardware.
• Installation of new equipment, hardware swap-outs and component replacements (servers, network equipment and storage)
• Implementation of virtualization.
• Installation and maintenance of electrical supplies and equipment. Installation of associated infrastructure such as network patching
• Network cabling and testing
• Supplier liaison – arranging orders and deliveries with infrastructure vendors
• Experience of web application deployment on WebLogic using console & command line
• Integration of web servers/application servers and DB servers.
• Management of SSL certs on webservers / app servers
• Troubleshooting of logs, providing logs on demand from different teams (Architects, developers and validations)
• Providing thread /heap dump as per requirement
• Working with different teams during production deployment Automation of the tasks using shell scripting
• Ensure periodic health checks and take appropriate steps for high availability
• Ensure that predefined SLA is maintained
• Ensure that 100% BCP is provisioned in all respect
• Responsible for implementation of ITIL/ITSM tools (Minimal Manual intervention)
• Regular interaction with IT Partners on the Infra roadmap and put up reports to all stake holders
• Responsible for Patch Management as per Bank’s IT/IS Policy
• Regular communication with application owners on above matters
• Ensure documentation of entire architecture design and evaluation work
• Migration to new systems, capacity planning, performance monitoring and improvement.
10
UX Designer (MMGS-II)
Study industry best-practices in UX design
• Designing Wireframe websites and mobile apps
• Work closely with internal design and programming team to collate content and program manage the development of the website
• Work closely with the product team to identify users’ needs and understand how users consume and navigate content
• Carry out an assessment of existing information architecture and identify areas for improvement, including content inventories and audits
• Plan and design the information architecture for the website or applications
• Create use cases and flow diagrams, and define information hierarchies
• Labelling of information
• Create wireframes and taxonomies
• Plan and conduct interviews, user surveys, card sorting and usability tests
• Design and execute studies into user behaviour and attitudes
• Conduct heuristic evaluations
• Help define and refine user personas
• Present and communicate insights in order to help shape long-term product strategy
• Plan and conduct user research and competitor analysis
• Interpret data and qualitative feedback
• Create user stories, personas, and storyboards
• Determine information architecture and create sitemaps
• Create prototypes and wireframes
• Conduct usability testing
11
IT Risk Manager
(MMGS-II)
Responsible for identifying IT Risk including Process, Technology, Cyber Security, Audit, Legal and regulatory compliance. Candidate should be a subject matter expert on IT Risk Management with
proven leadership capability to manage and drive risk management processes at pan-organization level including business functions
• Design enterprise wise IT Risk management framework and supporting implementation. Monitoring of IT Risk in the organization
• Primary interface will be within information technology with further engagement with business entity, data, process, and control owners. This role must conduct risk analysis on, but not limited to,
information systems, proprietary applications, business processes, surround applications, physical environments, third party service providers, information security tools and tactics, as well as business
continuity and disaster recovery capabilities in accordance with established regulations and organization standards
• Continuously identify, assess, measure, document and monitor information technology risk by performing independent risk assessments against IT assets, propriety applications, vendor based
solutions, business processes and third party relationships
• Assist with Risk Management initiatives resulting from risk analysis by developing risk-based corrective action plans along with risk owners and providing oversight in their execution and completion
• Operate as a key project and risk-focused resource for technical and architectural reviews, technology projects, new business process, and change management activities
• Assist in monitoring and reporting risk management related metrics and status presented to management
• Participate in the development of the annual IT Risk Universe and Schedule, maintain the risk register, evaluate new risk threats, and establish control recommendations to mitigate loss of data,
confidentiality, integrity and availability
• Present identified risk findings to management and negotiate suggested action plans
• Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks
• Understanding of latest risk mitigation tools/techniques and their implementation.
12
IT Security Expert
(MMGS-III)
Mitigating IT threats by gathering information and developing plans, Monitoring networks for security breaches, Training users on security protocols, developing best practices and security standards,
Creating and testing disaster recovery procedures to keep IT running in the event of a security breach
• Responsible for reviewing internally developed applications, before they are deployed in to production environment
• Identify the vulnerabilities that can be exploited by potential malicious hacker
• The assessment of application consists of tools based testing, and manually testing with a web browser or designated client software
• The areas include but not limited to VAPT, Input validation, Access Control, Password Policy, Session Management, Authentication Mechanism, Encryption
• Understanding latest IT security tools/techniques
• Developing network security standards and guiding network design to meet corporate requirements
• Conducting network security assessments and monitoring DDOs, WAF, IDS, firewall, and SIEM systems
• Working with internal and external business partners on ensuring that IT infrastructure meet global network security standards
• Actively look for security vulnerabilities in our application and network, reporting issues and describing possible solutions.
• Design and maintain our security infrastructure.
• Stay up to date with security news, keeping an eye out for the latest vulnerabilities and remedies emerging in the field.
• Actively liaise with the development team to ensure secure architecture, thorough automated testing of all source code (e.g., via Test-Driven Development).
• Provide regular reports auditing our current services and latest changes, as well as our internal practices.
• Monitor our server traffic, ticketing and reporting unusual packets.
• Developing and designing security devices and software to ensure the safety of internal products and information
• Managing security measures for information technology system within a networked system
• Operating regular inspections of systems and network processes for security updates
• Conducting audit process for initiating security and safety measures and strategies
• Customizing access to information per rules and necessity
• Maintaining standard information security policy, procedure, and services
13
Project Manager
(MMGS-III)
• Build and lead high-performing, agile team focused on Business, Application, Data and Technology Architecture.
• Build the Enterprise & Tech Architecture (E&TA) as per internationally established standards and keep the same up to date.
• Establish Governance to drive E&TA architecture across the Bank. Ensure the Risks are managed as per the proven practices.
• Build enterprise architecture into the change management process.
• Review the performance and deliverables of the team and ensure the performance meets stakeholders’ expectations. Ensure knowledge upgradation of the stakeholders.
• Deliver products/services in alignment with business needs and objectives. Responsible for multiple teams or departments within the Enterprise.
• Contribute to IT planning, development of strategies/initiatives and product lifecycle/service orientation; determines current and future needs of IT eco-system.
• Oversees portfolio / program / project management responsibilities. Directs financial management and risk management capabilities
• Contribute to stable and secure environment, incident management, product health/patching, and the asset management lifecycle.
• Assist in the definition of project scope and objectives, involving all relevant stakeholders and ensuring technical feasibility
• Develop a detailed project plan to monitor and track progress
• Measure project performance using appropriate tools and techniques
• Successfully manage the relationship with the client and all stakeholders. Coordinate internal resources and third parties/vendors for the flawless execution of projects. Communicate with vendors,
suppliers and executive management to ensure availability of infrastructure, technologies and support.
• Perform periodic training on project management and project management related concepts on a periodic basis
• Conduct benefits assessments of projects on an on-going basis and reports to appropriate stakeholders
• Ensure that all projects are delivered on-time, within scope and within budget
• Perform on-going analysis of projects and reports to relevant stakeholders
• Create and maintain comprehensive project documentation.
• Perform risk management to minimize project risks
• Report and escalate to management as needed
• Manage changes to the project scope, project schedule, and project costs using appropriate verification techniques
• Ensure resource availability and allocation
• Should have strong written, verbal and presentation skills
14
Application Architect
(MMGS-III
• Design and validate application architecture design, middleware architecture design and other technology architecture
• Estimate design efforts, define detailed schedules, evaluate technologies, develop prototypes, architect design
• Change Architecture as per business need and Technology changes
• Understand and apply architect principles, processes, their standards and guidelines
• Take-up complete ownership of the work assigned in terms of quality and timeliness
• Understand, document, and monitor application layering dependencies (User-Interface, Deployment, Public Interface, Application Domain, Application Infrastructure, Technical Frameworks, and
Platforms) and application component dependencies.
• Understand and monitor impacts to and dependencies between existing technical and network environments.
• Define and direct proof-of-concept tasks for proposed architectural interactions.
• Monitor software product, supporting tool, and platform licensing taxonomies for compliance and readiness.
• Define, plan, propose, and select enabling technologies to support packaged or custom applications.
• Prepare approach papers listing technology options, risks, and impacts of various architectural options.
• Define data dependencies within, between, and among various applications and application components.
• Define and direct coordination among database instances between, and across, various applications and application components.
• Document and maintain technical architecture, network architecture, application architecture, and technical application architecture diagrams and descriptions, including releases and versions of
software.
• Document and maintain context diagrams, functional architectures, data architecture, and messaging architecture diagrams and descriptions.
• Ensure that architectural components optimally address business requirements.
• Lead / Participate in technical and infrastructure requirements engineering initiatives.
• Coordinate with other architects, project managers, and team leads to ensure the development matches the system model.
• Coordinate activities with E&TA to ensure broad understanding of architectural approaches and standards across the IT vertical.
• Define architecture risk mitigation plans.
• Monitor emerging technologies and technical releases from product vendors to evaluate applicability toward current efforts.
15
Technical Lead
(MMGS-III)
• Co-ordination with client related to new requirement & support tickets Leading weekly status calls, Tasks allocation & monitoring Team members
• Daily status updates to client Code development & bug fixing Code reviews & quality testing HR Functional Set ups (Core HR, Sales service etc.)
• Use project’s best practices coding standards/secure coding practices.
• Prepare and help team to prepare the Design, Coding and Unit testing
• Should have a very good understanding of the project architecture
• Conduct peer review and provide feedback
• Update tracker with accurate information to identify the risk and issues proactively at the sprint level
• Conduct project risk identification and mitigation action planning with the PM at the project level
• Process check master – to make sure that his team is following all the listed procedures
• Constantly looking for ways to increase the team’s velocity/productivity by eliminates the waste
• People management & Technical management
• Assist project manager in the project coordination/management
• Report the status with alarms, explanations and solutions
• Promptly escalate issues to the reporting manager, Track and resolve issues
• Collaborate within a team environment in the development, testing and support of software development project lifecycles
• Develop web interfaces and underlying business logic
• Prepare any necessary technical documentation
• Track and report daily and weekly activities
• Participate in code reviews and code remediation
• Perform and develop proper unit tests and automation
• Research problems discovered by QA or product support and develop solutions to the problems
• Perform additional duties as determined by business needs and as directed by management
16
Infrastructure Architect
(MMGS-III)
· Designing, articulating and implementing architectural scalability.
• Work in close collaboration with application architect to ensure optimal infrastructure design
• Draw a long-term enterprise level IT Infrastructure Plan
• Ensure that availability requirement are met in the design
• Validate all Infrastructure Changes and obtain necessary approvals from competent authority
• Interact with IT Partners, Consultants
• Evaluate technology, industry trends and identify prospective impact on business
• Participate to develop and manage ongoing enterprise architecture governance structure on basis of business & IT strategies
• Work as IT consultant and business leaders to develop IT infrastructure solutions
• Promote organization architecture process and results to business and IT Departments
• Lead and direct to prepare governing principles to guide decision making Equivalent to infrastructure architecture
• Draw implementation plan for infrastructure architecture on basis of IT strategies and business requirements
• Ensure optimal governance structure and comply with activities related to infrastructure architecture adherence
• Enforce infrastructure architecture execution as well as ongoing refinement tasks
• Selection and evaluation of infrastructure architecture standards commensurate with IT partners
• Consult project teams to fit infrastructure architecture assignments and identify need to modify infrastructure architecture to attain project requirements
• Identify need to change technical architecture to incorporate infrastructure needs.
• Consult with project teams of infrastructure development to achieve healthy architecture infrastructure
• Identify requirements for infrastructures and resources to support infrastructure architecture
• Ensure documentation of entire architecture design and evaluation work
• Develop & execute education plan for infrastructure architecture
17
Infrastructure Engineer
(JMGS-I)
• Installation/ migration/ Up-gradation of WebLogic on Solaris/LINUX/UNIX
• Sizing, capacity planning, evaluation and procurement of hardware.
• Installation of new equipment, hardware swap-outs and component replacements (servers, network equipment and storage)
• Implementation of virtualization.
• Installation and maintenance of electrical supplies and equipment. Installation of associated infrastructure such as network patching
• Network cabling and testing
• Supplier liaison – arranging orders and deliveries with infrastructure vendors
• Experience of web application deployment on WebLogic using console & command line
• Integration of web servers/application servers and DB servers.
• Management of SSL certs on webservers / app servers
• Troubleshooting of logs, providing logs on demand from different teams (Architects, developers and validations)
• Providing thread /heap dump as per requirement
• Working with different teams during production deployment Automation of the tasks using shell scripting
• Ensure periodic health checks and take appropriate steps for high availability
• Ensure that predefined SLA is maintained
• Ensure that 100% BCP is provisioned in all respect
• Responsible for implementation of ITIL/ITSM tools (Minimal Manual intervention)
• Regular interaction with IT Partners on the Infra roadmap and put up reports to all stake holders
• Responsible for Patch Management as per Bank’s IT/IS Policy
• Regular communication with application owners on above matters
• Ensure documentation of entire architecture design and evaluation work
• Migration to new systems, capacity planning, performance monitoring and improvement.
18
IT Security Expert
(JMGS-I)
• Mitigating IT threats by gathering information and developing plans, Monitoring networks for security breaches, Training users on security protocols, developing best practices and security standards,
Creating and testing disaster recovery procedures to keep IT running in the event of a security breach
• Responsible for reviewing internally developed applications, before they are deployed in to production environment
• Identify the vulnerabilities that can be exploited by potential malicious hacker
• The assessment of application consists of tools based testing, and manually testing with a web browser or designated client software
• The areas include but not limited to VAPT, Input validation, Access Control, Password Policy, Session Management, Authentication Mechanism, Encryption
• Understanding latest IT security tools/techniques
• Developing network security standards and guiding network design to meet corporate requirements
• Conducting network security assessments and monitoring DDOs, WAF, IDS, firewall, and SIEM systems
• Working with internal and external business partners on ensuring that IT infrastructure meet global network security standards
• Actively look for security vulnerabilities in our application and network, reporting issues and describing possible solutions.
• Design and maintain our security infrastructure.
• Stay up to date with security news, keeping an eye out for the latest vulnerabilities and remedies emerging in the field.
• Actively liaise with the development team to ensure secure architecture, thorough automated testing of all source code (e.g., via Test-Driven Development).
• Provide regular reports auditing our current services and latest changes, as well as our internal practices.
• Monitor our server traffic, ticketing and reporting unusual packets.
• Developing and designing security devices and software to ensure the safety of internal products and information
• Managing security measures for information technology system within a networked system
• Operating regular inspections of systems and network processes for security updates
• Conducting audit process for initiating security and safety measures and strategies
• Customizing access to information per rules and necessity
• Maintaining standard information security policy, procedure, and services
19
IT Security Expert
(MMGS-II)
• Mitigating IT threats by gathering information and developing plans, Monitoring networks for security breaches, Training users on security protocols, developing best practices and security standards,
Creating and testing disaster recovery procedures to keep IT running in the event of a security breach
• Responsible for reviewing internally developed applications, before they are deployed in to production environment
• Identify the vulnerabilities that can be exploited by potential malicious hacker
• The assessment of application consists of tools based testing, and manually testing with a web browser or designated client software
• The areas include but not limited to VAPT, Input validation, Access Control, Password Policy, Session Management, Authentication Mechanism, Encryption
• Understanding latest IT security tools/techniques
• Developing network security standards and guiding network design to meet corporate requirements
• Conducting network security assessments and monitoring DDOs, WAF, IDS, firewall, and SIEM systems
• Working with internal and external business partners on ensuring that IT infrastructure meet global network security standards
• Actively look for security vulnerabilities in our application and network, reporting issues and describing possible solutions.
• Design and maintain our security infrastructure.
• Stay up to date with security news, keeping an eye out for the latest vulnerabilities and remedies emerging in the field.
• Actively liaise with the development team to ensure secure architecture, thorough automated testing of all source code (e.g., via Test-Driven Development).
• Provide regular reports auditing our current services and latest changes, as well as our internal practices.
• Monitor our server traffic, ticketing and reporting unusual packets.
• Developing and designing security devices and software to ensure the safety of internal products and information
• Managing security measures for information technology system within a networked system
• Operating regular inspections of systems and network processes for security updates
• Conducting audit process for initiating security and safety measures and strategies
• Customizing access to information per rules and necessity
• Maintaining standard information security policy, procedure, and services
20
IT Risk Manager (IS Dept.)
(MMGS-II)
• Responsible for identifying IT Risk including Process, Technology, Cyber Security, Audit, Legal and regulatory compliance. Candidate should be a subject matter expert on IT Risk Management with
proven leadership capability to manage and drive risk management processes at pan-organization level including business functions
• Design enterprise wise IT Risk management framework and supporting implementation. Monitoring of IT Risk in the organization
• Primary interface will be within information technology with further engagement with business entity, data, process, and control owners. This role must conduct risk analysis on, but not limited to,
information systems, proprietary applications, business processes, surround applications, physical environments, third party service providers, information security tools and tactics, as well as business
continuity and disaster recovery capabilities in accordance with established regulations and organization standards
• Continuously identify, assess, measure, document and monitor information technology risk by performing independent risk assessments against IT assets, propriety applications, vendor based
solutions, business processes and third party relationships
• Assist with Risk Management initiatives resulting from risk analysis by developing risk-based corrective action plans along with risk owners and providing oversight in their execution and completion
• Operate as a key project and risk-focused resource for technical and architectural reviews, technology projects, new business process, and change management activities
• Assist in monitoring and reporting risk management related metrics and status presented to management
• Participate in the development of the annual IT Risk Universe and Schedule, maintain the risk register, evaluate new risk threats, and establish control recommendations to mitigate loss of data,
confidentiality, integrity and availability
• Present identified risk findings to management and negotiate suggested action plans
• Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks
• Understanding of latest risk mitigation tools/techniques and their implementation.
21
Infrastructure Architect
(MMGS-II)
• Designing, articulating and implementing architectural scalability.
• Work in close collaboration with application architect to ensure optimal infrastructure design
• Draw a long term enterprise level IT Infrastructure Plan
• Ensure that availability requirement are met in the design
• Validate all Infrastructure Changes and obtain necessary approvals from competent authority
• Interact with IT Partners, Consultants
• Evaluate technology, industry trends and identify prospective impact on business
• Participate to develop and manage ongoing enterprise architecture governance structure on basis of business & IT strategies
• Work as IT consultant and business leaders to develop IT infrastructure solutions
• Promote organization architecture process and results to business and IT Departments
• Lead and direct to prepare governing principles to guide decision making Equivalent to infrastructure architecture
• Draw implementation plan for infrastructure architecture on basis of IT strategies and business requirements
• Ensure optimal governance structure and comply with activities related to infrastructure architecture adherence
• Enforce infrastructure architecture execution as well as ongoing refinement tasks
• Selection and evaluation of infrastructure architecture standards commensurate with IT partners
• Consult project teams to fit infrastructure architecture assignments and identify need to modify infrastructure architecture to attain project requirements
• Identify need to change technical architecture to incorporate infrastructure needs.
• Consult with project teams of infrastructure development to achieve healthy architecture infrastructure
• Identify requirements for infrastructures and resources to support infrastructure architecture
• Ensure documentation of entire architecture design and evaluation work
• Develop & execute education plan for infrastructure architecture
22
Deputy Manager
(Cyber Security – Ethical
Hacking) (MMGS-II)
• Performing periodic Internal Ethical Hacking and red team exercises comprising Web Application Security Testing , Mobile App security testing, Network, System and Application vulnerability
assessment & penetration testing, ICS/IoT device security testing.
• Proactively engage with stakeholders, build strong relationships with the management of business and auditors, to facilitate vulnerability discovery and remediation efforts.
• Perform security risk assessments that support business requirements, and recommend mitigations and countermeasures to address risks, vulnerabilities and cyber threats
• Participate in application security assessments.
• Perform network security assessments and security configuration reviews.
• Assist in development and implementation of information / cyber security management policies, procedures, and standards based on NIST standards, industry best practices, and compliance
requirements.
23
Deputy Manager
(Cyber Security – Threat
Hunting) (MMGS-II)
• Must have performed Threat hunting on a regular basis
• Scripting skills are desirable.
• Perform reverse engineering on malware as required to facilitate investigation and analysis
• Assessing feeds, events collected and fine-tuning rules as appropriate
• Characterize suspicious binaries and be able identify traits, C2, and develop network and host-based IOCs.
• Identify potential malicious activity from memory dumps, logs, and packet captures
• Interact and assist other investigative teams within organization.
• Participate as part of a close team of technical specialists on coordinated responses and subsequent remediation of security incidents.
24
Deputy Manager
(Cyber Security – Digital
Forensic) (MMGS-II)
• Conduct Forensic examination of digital and other evidences and analyze the incidents for forensic investigations using Forensic Tools (Commercial and Open source tools).
• Assist in development and implementation of information / cyber security management policies, procedures, and standards based on NIST standards, industry best practices, and compliance
requirements.
25
Security Analyst
(MMGS-III)
• Be a senior / L3 level security analyst and shift in-charge of various shifts of SOC operations like Incident Management, VAPT, Infrastructure management etc.
• Be the Subject Matter Expert (SME) of SOC areas assigned to you for day to day operations
• Perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring
• Lead Threat hunting activities, Incident Management and Forensics analysis.
• Ensure all threat intelligence received from 3rd party, regulators and governing bodies are curated and operationalized.
• Guide L1 & L2 level officials in the SOC in logs analysis for incident creation, verify correctness of incidents remediation by application / asset owner (AO), guide the AOs for proper remediation, and
manage escalation with AOs.
• Manage shift takeover and handover activities with proper records for audits
• Implement SOPs in the SOC from People, Processes and Technologies standpoint
• Ensure SOC technologies are fine tuned to run optimally, securely and reliably.
• Responsible for integration of all standard and non-standard logs with SIEM/UEBA/DAM/NBA etc. (as applicable)
• Create intuitive dashboards, create rules, signatures, decoders / parsers, models, patterns
• Collaborate, coordinate with IT & other stakeholders, build and maintain positive working relationships with them.
• Understand cyber-attack tools techniques and procedures, perform in-depth analysis of security logs in an attempt to detect unauthorized behavior and activities.
• Prepare management and regulatory reports, MIS
• Closely collaborate with stakeholders in IT and others for day to day SOC related operational and tactical standpoint
KRA:
• Recommend deployment, integration, logs parsing/ decoding techniques, reporting, analysis, remediation, dash-boarding, querying and MIS techniques in the domain of your SOC operations.
• Directly responsible to create P1 & P2 incidents as individual contributor
• Perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring.
• Individual contributor in Threat hunting activities, Incident Management and Forensics analysis.
• Shift in-charge to manage day to day shifts in SOC
• Ensure SOC setup itself remains secured fortress
• Analysis of critical incidents, mitigation, monitoring, escalations etc.
• Enhance capabilities of L1 & L2 personnel resources for in above areas.
26
Manager
(Cyber Security – Ethical
Hacking)
(MMGS-III)
Managing and leading periodic Internal Ethical Hacking exercise and threat hunting activities.
• Proactively engage with stakeholders, build strong relationships with the management of business and auditors, to facilitate vulnerability discovery and remediation efforts.
• Perform security risk assessments that support business requirements, and recommend mitigations and countermeasures to address risks, vulnerabilities and cyber threats
• Preparation of Standard operating procedures (SOPs) and security solution documents.
• Participate in application security assessments.
• Perform network security assessments and security configuration reviews.
• Performing and leading the Internal Ethical Hacking and red team (IEHRT) exercises.
• Ensure timely compliance of Cyber security assessments and Information Systems audits
• Assist in development and implementation of information / cyber security management policies, procedures, and standards based on NIST standards, industry best practices, and compliance
requirements.
• Assist in Developing, implementing and monitoring the cyber security maturity assessment in the Bank.
• Assisting in activities related to IS Policy, Cyber Security Policy etc.
27
Manager
(Cyber Security – Digital
Forensic) (MMGS-III)
• Managing and leading Digital Forensic analysis Activities.
• Conduct Forensic examination of digital and other evidences and analyse the incidents for forensic investigations using Forensic Tools (Commercial and Open source tools).
• Proactively engage with stakeholders, build strong relationships with the management of business and auditors, to facilitate vulnerability discovery and remediation efforts.
28
Chief Manager
(Vulnerability Mgmt. &
Penetration Testing) (SMGSIV)
Job Profile:
• Lead the VAPT team which conducts Vulnerability Assessment, Penetration, AppSec, Code Review, and Configuration review as also monitors and reports Phishing, Mobile Rogue Apps, Phishing
sites.
• Set strategic directions and maintain proficiency in sync with Global Best practices and various domestic & global regulatory directions and execute them to enhance VAPT program of the Bank.
• Identify vulnerabilities in IT Infra, applications, processes, networking and security setup and provide directions to close the same.
• Keep repository of vulnerabilities like plug-ins and signatures upto-date in VAPT tools.
• Focus on zero-day vulnerabilities and check for their presence in Bank’s environment, collaborate with stakeholders for their remediation and verify the same.
• Proactively engage with various internal and external stakeholders like IT, Business, Regulators, Auditors to ensure vulnerabilities remediation are aligned with business and regulatory objectives.
• Prepare SOPs for VAPT program including detection and remediation of vulnerabilities.
• Lead compliance / remediation verification of vulnerabilities to analyse configurations and facilitate implementation of configurations and hardening settings for networks, operating systems,
applications, databases, and other information system component as per statutory, regulatory requirements, guidelines and security best practices.
• First point of contact for escalation of all technical and process issues. Provide technical subject matter expertise wherever required by IT departments for timely resolution and mitigation of
vulnerabilities.
• Provide suggestions to align various policies Information Security Policy, Cyber Security Policy and related procedures as per global and regulatory standards from VAPT standpoint.
• Managing the work and workloads of the VAPT team and shift hand-off activities for 24X7X365 SOC operations.
• Enhance capabilities of VAPT team through trainings and workshops
• Manage shifts of VAPT team for its 24x7x365 days basis operations
KRA:
• Supervision and management of VAPT program in the Bank and ensuring compliance with various policies like Information Security Policy of the Bank and domestic and foreign regulatory mandates.
• Timely detection of vulnerabilities and guiding the stakeholders for their closure.
• Adoption of global best practices including tools, techniques, methods, processes and align the Bank’s VAPT program accordingly.
• Reduce false positive vulnerabilities.
• Issue timely advisories to stakeholders on zero-day vulnerabilities. Detect and verify closure of the same.
• Automate VAPT processes for detection and closure of vulnerabilities through tools, techniques, methods and processes.
• Management reporting through dashboards leveraging analytics.
• Design and Implement metrics to manage and measure the VA/PT efforts quantitatively and qualitatively.
• Ensure SOC setup itself remains secured fortress
• Closely collaborate with stakeholders in IT and others for day to day SOC related strategic, operational and tactical standpoint
29
Chief Manager
(Incident Management and
Forensics)(SMGS-IV)
Job Profile:
• Lead the operations of Information and Cyber Security Incident Management (IM) team within SOC as per Bank’s Information / Cyber Security Policies, Procedures as also Global standards.
• Set strategic directions for the IM team in line with Bank’s policies, Cyber Crisis Management Plan (CCMP), regulatory requirements and NIST framework.
• Create correlation rules for logs received from disparate IT systems, develop and apply analytical and pattern analysis models on billions of logs received per day by SOC.
• Create playbooks for automating for logs correlation, incident creation, reporting, remediation, escalation & closure verification
• Define and optimize Standard Operating Procedures (SOPs), workflows and processes to support the team in consistent, quality execution of security monitoring and detection.
• Deeply embed threat intelligence received from various internal and external sources into SOC for Real-time correlation and reporting of potential security incident.
• Benchmark SOC Incident Management processes against ISO 27035 standards.
• Collaborate with IT and Business units to Respond and Recover from the security incidents.
• Ensure continued evolution of threat hunting, monitoring, detection, analysis and Incident respond and response capabilities and processes.
• Research on emerging threats and vulnerabilities and development of structured analytical methodologies to utilize threat intelligence inputs.
• Manage Red Team / Blue Team exercises at planned intervals on Bank’s critical infrastructure to measure Bank’s defensive and responsive capabilities towards cyber-attacks.
• Provide technical Incident Response guidance to the L1 and L2 Incident handlers for in depth investigations and performing Root Cause Analysis (RCA) to establish complete cyber kill chain
• Participate in forensic investigation by analyzing and correlating logs collected by SOC.
• Conceptualize, create and demonstrate analytical dashboards and reports to the management.
• Ensure timely submission of regulatory returns.
• Effectively participate Cyber drills, table top exercises conducted by the Bank and regulators.
• Manage the work and workloads of the IM team and shift hand-off activities for 24X7X365 SOC operations.
• Enhance capabilities of IM team through trainings and workshops
KRA:
• Manage incident management functions within SOC and ensure process compliance to statutory and regulatory requirements.
• Automate Detect, Respond and Recover processes for security incidents
• Achieve benchmarking against ISO 27035
• Embed threat intelligence into SOC for real-time proactive threat detection and prevention of potential security incident
• Collaborate with IT and Business in finetuning IT setup for implementing playbooks for security orchestration, automation and response
• Minimize false positive security incidents
• Prioritise incidents into P0, P1, P2, P3 (P0 being cyber-crisis and P3 being Low severity)
• Directly responsible to create P0 & P1 incidents as individual contributor
• Implement learnings to strengthen SOC monitoring and detection capabilities.
• Ensure timely submission of various reports to regulators and internal stakeholders
• Participate effectively in forensic investigation leveraging correlated and analysed logs collated by SOC. Arrive at RCA of security incidents
• Ensure SOC setup itself remains secured fortress
• Closely collaborate with stakeholders in IT and others for day to day SOC related strategic, operational and tactical standpoint
30
Chief Manager
(Security Analytics and
Automation) (SMGS-IV)
Job Profile:
• Responsible for SOC Transformation by leading efforts for automating mundane L1/L2 activities such as alert triage, context and enrichment, live threat feeds, incident response etc.
• Devising security Monitoring and Analytics automation strategy and Identifying processes that can be automated and orchestrated to ensure maximum SOC efficiency and effectiveness.
• Statistical analysis of users and entities to help detect anomalies of users, network, host and content.
• Leverage Non-IT contextual data for and various IT systems like PIMS, IAM, DLP and business applications like CBS, HRMS etc. to build strong use cases on user and entity behavior analysis to
arrive at potential insider threat by malicious user or compromised systems / user credentials.
• Threat intelligence curation and automating it for SOC monitoring tools consumption.
• Closely work with IT departments, Threat Intelligence, incident management and Forensics teams to understand, define, develop, and integrate automation and orchestration capabilities.
• Managing creation and optimization of security incident playbooks reviewing and validating new Use Cases.
• Measurable reduction in mean time to detect (MTTD) and mean time to respond (MTTR) for security incidents.
• Issue advisories based on incidents to proactively avoid occurrences of the same in other domains
• Issue advisories to stakeholders in IT and Business based on external threat intelligence for taking proactive measures
• Enhance SOC capabilities from reactive to predictive SOC
• Develop expertise within the SOC and IT teams on security incident management
• Maintain knowledge repository of incidents, learning, analysis
• Proof of concept (POC) of any new SOC solution/functional modules.
• Designing security analytics use cases, Research and Development of emerging threats and technologies, threat intelligence collection, support to other SOC team for product engineering and
process improvements.
KRA:
• Automation of L1 & L2 SOC analysts’ routine alerts / incidents reporting.
• Automating Security Orchestration, Automation and Response activities through playbooks
• Measurable reduction in MTTD and MTTR.
• Review and validating new Use Cases.
• Conceptualize and develop security analytics models leveraging billions of events collated by SOC.
• Transform SOC from reactive to predictive SOC
• Elevate the capabilities of the SOC to generate absolute material security incidents with severe criticality
• Design security analytics use cases, Research and Development of emerging threats and technologies, threat intelligence collection, support to other SOC team for product engineering and process
improvements.
• Ensure SOC setup itself remains secured fortress
• Closely collaborate with stakeholders in IT and others for day to day SOC related strategic, operational and tactical standpoint
31
Chief Manager
(SOC Infrastructure
Management)
(SMGS-IV)
Job Profile:
• Responsible for managing end to end SOC infrastructure including installation, integration, provisioning, de-provisioning of SOC Infra in UAT and production environment.
• Implementation of secured configuration of settings / hardening, closure of vulnerabilities by implementing patches, upgradation of version in SOC Infra setup
• Installation of OS, applications, RDBMS, web servers, open source technologies and configure them as per corporate requirements
• Integration of It Infrastructure with PIMS, IAM, SSO, AD, AV, ITAM, ITSM, DLP, NAC
Security of IT Infrastructure by deploying security technologies like firewalls, IPS, WAF etc.
• Uptime management, manage LAN and integration with corporate network,
• Credential / user management, roles and groups management, undertake administrative activities on IT / SOC infrastructure
• IT Infra related SLA management with multiple vendors & OEMs
• Developing Business Continuity and DR Plan and participate in various DR Drills
• Ensure SOC setup reasonably acceptable RTO & RPO.
• Ensure SOC setups is in accordance with Bank’s policies and regulatory & statutory requirements
• Implementation of encryption, hashing techniques for secured communication, processing and storage of data
KRA:
• Managing end to end SOC infrastructure including shipment/placement/replacement and provisioning/ de-provisioning of SOC assets in UAT and production environment.
• Manage uptime as per corporate requirement
• Keep SOC Infra secured by implementing Secure Configuration Document (SCD) and vulnerability assessment compliance in entire SOC infrastructure.
• Maintain Version Upgrades/Patch Management and Control across all the technologies.
• Ensure SOC setup itself remains a secured fortress
Capacity planning (up-gradation of infrastructure-hardware) of SOC.
• Backup/Restoration, Tape devices movement, Testing of backup/restoration as per ISMS procedure
• Manage acceptable RTO & RPO.
• Prove SOC RTO and RPO through various means and during Bank’s various DR BCP Drill.
• Closely collaborate with stakeholders in IT and others for day to day SOC related strategic, operational and tactical standpoint
32
Chief Manager (SOC
Governance) (SMGS-IV)
Job Profile:
• Lead the Governance team and be responsible for implementing various policies including Information Security Policy, Cyber Security Policy, Data Governance Policy and related procedures
• Implement ISO 27001, 27002, 27035 standards
• Conceptualize, develop and review various SOPs for SOC operations aligned with policies, standards, procedure, and guidelines
• Develop strategies, deploy techniques for ensuring security in SOC infrastructure & operations
• Track for new versions and patches of various SOC infrastructure and applications released by OEMs and ensure same are deployed by SOC within the stipulated time frame
• Provide guidance to SOC infra team to close infrastructure and process level vulnerabilities
• Ensure the core objective of SOC is adhered to including true positive incidents/alerts are sent to stakeholders like IT, Business and individual users as applicable.
• Ensure SOC becomes the Nerve Centre of every activity which could impact the security of the Bank
• Review change, patch, user, SoD, uptime managements
• Round the clock Health monitoring of SOC infrastructure.
• Ensuring SOC devices uptime as per SLA.
• Managing DR BCP Drill as per Bank’s requirements.
• Ensure all statutory and regulatory reporting is done in time bound manner
• Ensure all staff members of the Bank and vendor partners are well versed with Information Security related policies, standards, procedures, guidelines and SOPs and are adhering the same in day to
day operations
• Closely collaborate with stakeholders in IT and others for day to day SOC related strategic, operational and tactical standpoint
KRA:
• Ensure SOC operations are in compliance with various policies.
• Achieve and maintain ISO 27001, 27002, 27035
• Implement NIST framework, prescriptions data security laws
• Ensure SOC setup itself remains a secured fortress
• Develop SOPs to ensure SOC operations are managed in a secured manner
• Timely submission of statutory and regulatory reports
33
Chief Manager
(Cyber Security – Ethical
Hacking) (SMGS-IV)
• Overall supervision and strategic direction for the cybersecurity program within the Bank.
• Managing and leading periodic Internal Ethical Hacking exercise activities.
• Proactively engage with stakeholders, build strong relationships with the management of business and auditors, to facilitate vulnerability discovery and remediation efforts.
• Participate in application security assessments.
• Perform network security assessments and security configuration reviews.
• Supervising the Internal Ethical Hacking and red team (IEHRT) exercises.
34
Chief Manager
(Cyber Security – Digital
Forensic) (SMGS-IV)
• Overall supervision and strategic direction for the cybersecurity program within the Bank.
• Managing, leading and supervising Digital Forensic analysis activities.
• Conduct Forensic examination of digital and other evidence and analyze the incidents for forensic investigations using Forensic Tools (Commercial and Open source tools).
• Proactively engage with stakeholders, build strong relationships with the management of business and auditors, to facilitate vulnerability discovery and remediation efforts.
• Preparation of Standard operating procedures (SOPs) and security solution documents.
35
Chief Manager
(Cyber Security – Threat
Hunting) (SMGS-IV)
• Overall supervision and strategic direction for the cybersecurity program within Bank.
Managing, leading and supervising Digital Forensic analysis activities.
• Conduct Forensic examination of digital and other evidence and analyse the incidents for forensic investigations using Forensic Tools (Commercial and Open source tools).
• Proactively engage with stakeholders, build strong relationships with the management of business and auditors, to facilitate vulnerability discovery and remediation efforts.
• Preparation of Standard operating procedures (SOPs) and security solution documents.

You may also like to read