Assistant Manager

Asst Manager - L2

Shift 24x7

Location - Mumbai

The role is responsible for implementing and managing a Hybrid Security Service Edge (H-SSE) framework with Zero Trust Network Architecture (ZTNA) for bank. The candidate will ensure the solution is secure, scalable, resilient, highly available, and compliant with RBI, CERT-In, Indian IT laws, foreign regulatory mandates (where applicable), and bank Information Security Policy Framework.

Key Responsibilities

1. H-SSE & Zero Trust Architecture

• Implement Hybrid SSE architecture combining cloud-based SSE and on-prem security controls.
• Implement Zero Trust Network Architecture (ZTNA) with identity-based, role-based, and context-aware access.
• Define architecture for local internet breakout across bank branches and offices.
• Ensure high availability, redundancy, disaster recovery, and scalability.

2. Cloud-Based Security Service Edge

• Deploy and manage Cloud-based SSE to secure user access to:
• Internet websites
• Cloud applications
• SaaS platforms
• Implement advanced security controls including:
• Secure Web Gateway (SWG)
• CASB
• Firewall-as-a-Service (FWaaS)
• Advanced Threat Protection
• URL filtering and malware protection

3. On-Premises Secure Web Gateway

• Design and operate On-Prem Secure Web Gateway (SWG) for:
• Critical servers
• Internet-facing systems
• Integrate on-prem SWG with cloud SSE for unified policy enforcement.

4. Cloud-Based VPN / Private Application Access

• Implement Cloud-based VPN / Private Application Access for secure access to bank’s internal systems.
• Enable role-based and least-privileged access to applications.
• Ensure seamless integration with IAM, MFA, and device posture checks.

5. Data Loss Prevention (DLP)

• Implement DLP controls for internet and private application access.
• Prevent leakage of Bank’s sensitive data and PII in compliance with:
• RBI guidelines
• CERT-In directives
• Data privacy and localization mandates
• Define and enforce data classification and protection policies.

6. Local Internet Breakout & Global Offices

• Enable local internet breakout from branches/offices routed via H-SSE.
• Plan and execute migration of Internet Proxies at 10 foreign offices to H-SSE.
• Ensure compliance with country-specific regulatory requirements for foreign locations.

7. Compliance & Governance

• Ensure compliance with:
• RBI, CERT-In, and Indian IT Act
• Applicable foreign regulatory and statutory mandates
• Bank Information Security Policy Framework
• Support audits, VA/PT, regulatory inspections, and compliance reporting.

8. Managed Services & Operations

• Provide 24x7 managed security services including:
• Monitoring
• Incident response
• Policy management
• Change management
• Define SLAs, KPIs, SOPs, and escalation matrices.
• Coordinate with bank stakeholders, OEMs, and internal teams.

Technical Skills Required

• SSE / SASE platforms (Zscaler, Palo Alto Prisma, Netskope, Forcepoint, etc.)
• Zero Trust / ZTNA architecture
• Secure Web Gateway (Cloud & On-Prem)
• VPN, Private Access, Remote Access Security
• DLP (Endpoint, Network, Cloud)
• IAM, MFA, SSO integration
• Network Security (Firewalls, Proxies, Routing)
• High Availability & DR design
• Compliance & Audit support

Educational Qualification:-

1. BE / ME (Computer / IT & Allied Branches / ECE)

2. B. Tech / M. Tech (Computer / IT / ECE)

3. MCA

4. MSc (Computer / IT & Allied Branches

OEM / Professional Certification for Cloud Solution

CCSP / AZ-305 (Azure Solutions Architect Expert) / AWS Certified Solutions Architect / GCP Professional / OEM Certificates at least professional/advanced/expert level / OEM relevant Certification on SSE

Industry Experience for Cloud / SSE Solution

5+ years of total experience out which 3 years of relevant experience in implementing and managing the SSE solution.