Information Security Manager

Job Description

Information Security Manager

Work Location: JaipurJob Type: Full TimeLegal Entity: Vconnex Pvt Ltd.Qualifications: Any Graduations (BCA, MCA, Btech)Experience Required: 3-7 years

Position Title:

Information Security Manager

Reports To:

Head of Engineering

Business Unit:

IT- Jaipur

PURPOSE OF THE POSITION

We are looking for a highly skilled Information Security Manager to lead and implement ISO 27001 compliance, cybersecurity strategies, and risk management within our organization. The ideal candidate will establish and maintain security policies, manage information security risks, and ensure compliance with regulatory standards like SOC2, GDPR, and NIST frameworks.

ORGANISATIONAL CONTEXT

Company Name- CIMET

CIMET- A Comparison Software Leader Website-

Product Link-

LinkedIn-

CIMET provides end-to-end comparison and signup of energy, telecommunication, credit cards and other products plans through its online solution in a B2B and B2C environment.

It presently caters to more than 40+ Utilities and Financial Service providers and has over 200+ partners. The online comparison market is extremely crowded in Australia, with most comparators providing a light touch directory solution. CIMET saw this as an opportunity and developed a fully integrated online comparison and signup platform.

On 15 March 2022, CIMET partnered with iSelect who acquired a 49% stake in CIMET Holdings.

Going forward, CIMET will use this investment from iSelect to expand into new products including Credit Cards, Home loans, Car loans, Personal loans, Life Insurance, Health Insurance, Pet Insurance among others. CIMET today has around 200+ team members, across Australia, India and Philippines and will double over the next 2 years.

Roles Responsibilities:

ISO 27001 Implementation Compliance:

- Develop, implement, and maintain an Information Security Management System (ISMS) aligned with ISO 27001 standards.
- Conduct ISO 27001 gap analysis, risk assessments, and audits to ensure compliance.
- Define and enforce information security policies, procedures, and controls to safeguard data integrity, confidentiality, and availability.
- Drive ISO 27001 certification efforts, ensuring successful audits and continuous improvements.
- Lead security awareness training programs for employees to enhance the organizations security posture.

Cybersecurity Strategy Risk Management:

- Develop and implement a cybersecurity strategy to protect against threats, vulnerabilities, and attacks.
- Conduct regular penetration testing, vulnerability assessments, and security audits to identify and mitigate risks.
- Implement Zero Trust architecture, access control mechanisms, and security best practices across IT infrastructure.
- Monitor threat intelligence, security incidents, and cyber threats, responding with effective mitigation strategies.
- Ensure security of cloud infrastructure (AWS, Azure, GCP) by enforcing IAM policies, encryption, and secure configurations.
- Establish and manage a Security Incident Response Plan (SIRP) for rapid threat detection and mitigation.

Regulatory Compliance Governance:

- Ensure compliance with ISO 27001, SOC2, GDPR, NIST, PCI-DSS, and other industry security frameworks.
- Collaborate with internal teams to align security policies with business operations and regulatory requirements.
- Work with external auditors and security consultants to maintain compliance certifications and regulatory audits.
- Develop and maintain security metrics, dashboards, and reports for leadership and regulatory bodies.

Security Operations Monitoring:

- Oversee SIEM (Security Information and Event Management) solutions for real-time threat detection.
- Implement and manage Intrusion Detection Prevention Systems (IDS/IPS), firewalls, and endpoint security solutions.
- Develop and enforce incident response, disaster recovery, and business continuity plans.
- Ensure data protection, encryption, and secure backup strategies are in place for all critical systems.

Required Skills and Qualifications:

- 5+ years of experience in information security, cybersecurity, or compliance roles.
- Strong expertise in ISO 27001 implementation, auditing, and certification.
- Hands-on experience with security risk assessments, vulnerability management, and threat modeling.
- Deep understanding of cybersecurity frameworks (SOC2, NIST, CIS, GDPR, PCI-DSS).
- Experience with SIEM solutions (Splunk, ELK, QRadar, or similar) for security monitoring.
- Knowledge of firewalls, IDS/IPS, endpoint protection, and cloud security best practices.
- Strong understanding of IAM, network security, encryption, and access control policies.
- Certifications like CISM, CISSP, CISA, CEH, ISO 27001 Lead Auditor/Implementer are highly preferred.
- Strong problem-solving, communication, and stakeholder management skills.

Professional Attributes:

- Strong interpersonal and communication skills, being an effective team player, being able to work with individuals at all levels within the organization and building remote relationships.
- Excellent English skills and experience working within a multi-location team.
- Excellent prioritization skills, the ability to work well under pressure, and the ability to multi-task.
- Ability to work independently with minimal supervision and to resolve problems on non-routine matters.

Education Qualification:

- Any Technical Degree BTech., B.E. BCA, MCA will be preferred.

Why Join Us

- Opportunity to be part of a rapidly growing, innovative product-based company.
- Collaborate with a talented, driven team focused on building high-quality software solutions.
- Competitive compensation and benefits package.

CHALLENGES OF THE POSITION

Challenge

Brief Description

Rapid Growth

CIMET will double its workforce over the next 2 years, we need to build and onboard a team of high performing people to enable the planned growth to reach fruition.

Systems

CIMET is in the early phase of the expansion where systems, processes and policies are being developed and implemented. This means there will be constant changes occurring and you will need to be agile in your approach to changing business priorities.

Role:Manager Information Security

Industry Type:IT Services & Consulting

Department:IT & Information Security

Employment Type:Full Time, Permanent

Role Category:IT Security

Education

UG:Any Graduate

PG:Any Postgraduate