· Evaluate infrastructure upgrades, patching, and technology refreshes to validate embedded security controls and risk mitigation strategies.
· Assess and approve code changes to ensure secure coding practices, vulnerability management, and compliance with secure development standards.
· Review and approve firewall ACL change requests to ensure compliance with network security policies and minimize risk exposure.
· Review Data Loss Prevention policy changes and requests, ensuring sensitive data protection aligns with bank policies.
· Approve vulnerability assessment scanning schedules and ensure scan results are integrated into remediation plans.
· Assess and approve security exception requests, balancing business needs with risk management and compliance requirements.
· Review and authorize changes to security tools, endpoint configurations, and monitoring systems to ensure uninterrupted protection.
· Evaluate new project proposals, ensuring security-by-design principles are integrated into project planning and execution.
· Approve service requests impacting information security, such as cloud provisioning, third-party integrations, and privileged access changes.
· Develop and maintain a standardized change approval framework and Standard Operating Procedures covering application, infrastructure, and network layers.
· Oversee the annual calendar for recurring assessments and audits of previously approved changes to ensure continued alignment with security policies.
· Collaborate with development, DevOps, and IT teams to embed security controls at each stage of the change lifecycle.
· Provide regular reporting to the line manager on high-risk changes, security exceptions, and the overall effectiveness of change controls.
· Attend weekly Change Approval Board meetings.