Description
Experience: 3 to 6 years
Designation: Officer - Business Risk & Controls, Incident and Event Investigation Support
Reports to – Lead of DBI Team
Location: Bangalore
As a member of this team, the resource will serve as a specialist on Data Breach Investigation and data breach incidents for the Bank. The position is within TRC (Security Tribe), which investigates the breaches reported across the group and works with the Data Protection Office to ensure adherence to GDPR and Data Privacy in particular.
Key responsibilities and tasks
• Investigates data breaches and produces the necessary reports for the DPO office and the relevant stakeholders.
• Manages data breach incidents in close coordination with the core teams across the Group.
• Provides reports to relevant stakeholders on an ongoing basis, as well as in response to specific incidents.
• Advises business process and service functions where their activities put the company at risk and provides actionable solutions to remediate risks and issues.
• Works with breach reporters, mitigates data privacy risks and advises on remediation plans.
• Supports and educates the group on reporting of data breaches and on recommended mitigations and solutions.
• Maintains knowledge of regulatory reporting requirements within the financial sector.
• Understanding of financial reporting requirements
• Understanding of privacy processes in financial services and IT services
• Understanding of incident process analysis and practices of root cause analysis
• Prior experience with handling of IT incidents and associated reporting.
• Willing to work in a 24x7 function (follow-the-sun model setup) to meet regulatory timelines (ranging from 4 to 72 hours).
Primary Skills
• This role will serve on Data Breach Investigation and work with the Data Protection Office to submit the breach investigation reports for the Bank.
• Thorough knowledge of GDPR and hands-on experience in handling SLA- and GDPR-related incidents.
• Good knowledge of Data Privacy Impact Assessment and Risk (severity) Assessment.
• Investigate data breaches and ensure the participation of relevant stakeholders.
• Additional knowledge of ISO 27001, ISO 27701, PCI DSS and financial legislation, including the NIS Directive, would be an added advantage.
• Support incident response activities and recommendations for resolution and mitigation.
Good-to-have skills
• Execution of any required notices to individuals, business partners and government officials.
• Provides reports to relevant stakeholders on an ongoing basis, as well as in response to specific incidents.
• Privacy related certifications