Amit Kumar Choubey

Master’s in Cyber Security, IIT Kanpur | CRISC, C|CISO, CISM, CISA, CGEIT, CEH, CCSK, ISO 27001 ISMS LA, ISO 22301 BCMS LA, COBIT 2019 FN, ITIL FN, PGDM in IT & Systems Mgmnt, Dip. in Cyber Laws, Dip. in Banking Tech.

Mumbai, Maharashtra, India · RBL Bank
4,619 followers · 4,465 connections
LinkedIn

About

I am passionate about exploring new security tools and technologies, and mastering risk management strategies for their robust implementation in the information and cybersecurity domain. My aim is to enhance the security posture and resilience of organizations, contributing to a dynamic and agile cybersecurity ecosystem that safeguards organizational interests and protects stakeholder and customer data.

With over 13 years of experience in IT and Information Security in the BFSI sector, I bring a wealth of knowledge in information security, technology risk management, regulatory supervision and compliance assurance. My career highlights include:

• Establishing and managing IT Security teams, including a Cyber Security Operations Center (C-SoC).
• Leading IT Security Operations with a focus on optimizing People, Processes, and Technology (PPT).
• Setting up a Technology Risk function within the 1st Line of Defense to bolster risk and compliance frameworks.
• Successfully achieving ISO 27001 and PCI DSS certifications for the organization.

As a hard-working, results-oriented professional, I am committed to continuous learning and applying my expertise to build secure and resilient systems.

Experience

VP - Head IT Security and Technology Risk

RBL Bank · Full-time

Sep 2022 - Present · 3 yrs 8 mos·Mumbai, Maharashtra, India

At RBL Bank, I lead IT Security and the Technology Risk function, with an objective to strengthen the security and minimize risk, adherence to internal policies, SOPs, regulatory guidelines, regulatory compliance & submissions, and comprehensive closure of audit points. Leveraging my specialized background in IT and information security risk, I am dedicated to enhancing the organization's security posture and resilience. I provide strategic direction to top management, raising awareness of the evolving threat landscape and guiding the implementation of proactive security measures.

Lead (VP) - IT and Infosec Audit

SBI Card · Full-time

Apr 2022 - Aug 2022 · 5 mos·Gurugram, Haryana, India

• Set up and manage in-house team for conducting IT and Information Security audits, including reviewing audit reports, preparing risk ratings, and creating ACB (Audit Committee Board) decks.
• Plan and conduct in-house IT and Infosec audits, covering areas such as IT/IS Governance Audit, IT/IS Process Audits, and Thematic Audits.
• Oversee outsourced IT and Infosec audits, including IT Infrastructure Audit, Vulnerability Assessment and Penetration Testing (VA PT), and Application Security (AppSec) audits.

DVP Information Security

IndusInd Bank · Full-time

Dec 2021 - Mar 2022 · 4 mos·Mumbai, Maharashtra, India

• Heading Information Security GRC function, Regulatory Reporting and Submissions
• Handling Incident Management, Application Security Assessment and Third Party Risk Management

AGM in Cyber Security and IT Risk Group

Reserve Bank of India (RBI) · Full-time

Apr 2020 - Nov 2021 · 1 yr 8 mos·India

Worked in Reserve Bank of India (India's central bank and regulatory body), as Assistant General Manager (AGM, Grade – ‘C’ on Contract) in Cyber Security and IT Risk Group, Risk Specialist Division, Department of Supervision (DoS).

Key roles and responsibilities:

• Conduct onsite Cyber Security assessment and IT Audit of RBI Regulated Entities (e.g., Banks, NBFCs, CICs), including Cyber Security assessment of IT systems (Servers, Network, Database, Cloud etc.), Security solutions (Firewall, DDoS, DLP, NAC, IdAM, WAF, Firewall, IDS/IPS, EDR etc.), BCP operations, IT governance, Change Management Process, Vendor Risk Management Process, Data Centre, SOC, Business & Enterprise Applications, Digital Products, Payment Gateways etc.
• Conducting Thematic Examinations, for RBI Regulated Entities (e.g., Banks, NBFCs, CICs), on account of enhanced risk perception.
• Conduct offsite IT Risk assessment (assessment of the periodical / ad-hoc returns submitted by REs pertaining to Cyber Security preparedness), Prepare Risk scoring for RSEs. Compliance assessment as submitted by REs for the IT examinations, adherence to RBI circulars, alerts, and advisories pertaining to Information/Cyber Security.
• Incident investigation (for cyber incidents), reviewing the incident modus operandi, conducting root cause analysis.
• Project planning and implementation for Cyber Security related projects (e.g., Phishing Simulation, Passive Reconnaissance). Planning and conducting cyber security drills (tabletop exercises) for REs.
• Assist in formulation of policies and frameworks pertaining to IT/cyber security. Preparing alerts and advisories for REs based on the information/inputs received.

Information Technology Manager

United Bank of India · Full-time

Jun 2015 - Mar 2020 · 4 yrs 10 mos

Worked as Manager Information Technology (I.T.), in United Bank of India (now Punjab National Bank), a premier Public Sector Bank of India, in Information Technology and Banking Risk Department.

• Implementation of best practices for Information & Cyber Security for the bank’s IT infrastructure (including Servers, Endpoints, Network, Databases, Card Environment, Security Solutions), Business Applications (e.g. CBS, Treasury Management Software, Digital Channels/Products, Payment Applications), Enterprise Applications. Managing Internal Security Assessments and External Audits, Regulatory Audits, Security Assessments for Card Environment (based on PCI SSC frameworks), Third Party Risk Audits, evaluation & implementation of bank's internal IT & Info. Security processes and procedures, ensuring compliance with organizational policies, industry standards and regulatory guidelines.
• Implementing ISMS in the bank and getting ISO 27001 certification for SOC, NOC, DC and DR sites. Handling Certification and Surveillance Audit.
• Managing and contributing to project planning, budget management for successful completion of Information Security projects, develop KPIs and KRIs to monitor and measure performance.
• Conducting VA-PT analysis, Application Security Testing, take part in Red Team exercise for the Bank together with the selected vendor.
• Evaluation of Security tools and solution(s) vis-a-vis requirement, provide recommendation to the Top Management for ensuring smooth implementation of new tools and technologies.
• Leading C-SOC managing Enterprise-Wide Security Solutions (e.g., SIEM, WAF, DLP, DAM, NAC, EDR, MDM Solution, IPS, Firewall etc.).
• Perform duties as member of Steering Committee(s) on Information Security and Cyber Security. Apprise the CXOs and Senior Management about the threat landscape and resilience measures through Risk Register.

Assistant Manager Information Technology

United Bank of India · Full-time

Aug 2011 - May 2015 · 3 yrs 10 mos

Joined as Assistant Manager Information Technology (I.T.), in United Bank of India (now Punjab National Bank), a premier Public Sector Bank of India, in Information Security and Banking Risk Department.

• Worked with all stakeholders to help define and drive the execution of Information Security Policy and Cyber Security Policy including Cyber Crisis Management Plan.
• Assisting SOC operations with OEM support team (HPE), Incident handling reporting and root cause analysis. Prepare Incident Dashboards.
• Implementing and managing different Enterprise-wide Security Solutions (e.g., SIEM, WAF, DLP, DAM, NAC, EDR, MDM Solution, IPS, Firewall, Proxy Solution etc.), in conjunction with MSSP.
• Threat Modelling, periodic assessment of Security Solutions, Rule Review for SIEM, Firewall, DLP in conjunction with the team.
• Regulatory reporting pertaining to IT and Information Security. Threat Intelligence Monitoring, implementation of controls as advised by regulatory and statutory bodies (e.g., RBI, NCIIPC, Cert-IN, IB-CART).
• Preparing Hardening Guidelines for IT Assets (Servers, network devices, endpoints, security solutions). Managing Anti-Virus, Cloud based WAF Services, Proxy Solution, Firewall, DDoS services.

Education

Indian Institute of Technology, Kanpur

Postgraduate Degree, Cyber Security

Jan 2024 - Dec 2025

SVKM's Narsee Monjee Institute of Management Studies (NMIMS)

Post Graduate Degree in Business Management, Information Technology and Systems Management

Jul 2020 - Jun 2022