IT Security Manager

The purpose of the Head of Information Security role is to safeguard Jubilant Bhartia Group’s digital assets, operations, and reputation by establishing and leading a comprehensive cybersecurity strategy. The role ensures that information security is embedded into business processes, technology adoption, and regulatory compliance while enabling the Group’s digital transformation and innovation objectives. By driving governance, risk management, cyber defense, data protection, and security awareness, the Head of Information Security provides resilience against evolving threats, builds stakeholder trust, and empowers the organization to operate securely and competitively in global markets. The Jubilant Bhartia Group operates across diverse industries including pharmaceuticals, life sciences, food services, and manufacturing, with a significant global footprint. In this highly digitized and regulated environment, protecting intellectual property, customer trust, critical infrastructure, and sensitive data is central to business resilience and growth. The Head of Information Security plays a pivotal role in shaping and executing the Group’s cybersecurity vision. This role provides leadership in safeguarding IT and OT ecosystems, driving compliance with global regulations, and ensuring alignment of security programs with business strategy. With increasing cyber threats, regulatory expectations, and digital transformation initiatives, the position requires balancing robust security with business agility. Developing a Group-wide cybersecurity strategy and governance framework. Protecting enterprise systems, data, and operations from evolving threats. Leading cyber defence, risk management, privacy, and compliance initiatives. Driving awareness and culture change across diverse business units. The Head of Information Security faces the challenge of balancing strong cybersecurity with the Group’s growth and digital transformation goals, ensuring that controls do not hinder business agility. Securing both IT and OT environments is complex, especially as manufacturing plants, industrial systems, and supply chain ecosystems converge with enterprise IT. The role must navigate diverse global regulatory requirements such as the DPDP Act, GDPR & HIPAA, while also managing risks posed by third parties and extended vendor networks. Evolving threats like ransomware, advanced persistent attacks, and insider risks demand proactive defenses, intelligence-led operations, and rapid incident response. At the same time, building a security-first culture across varied business units and geographies, while developing and retaining skilled cybersecurity talent in a competitive market, remains a constant priority. 2, DETAILS OF THE JOB: Director - Information Security Cloud Security - Secure workloads, applications, and data across public, private, and hybrid cloud platforms. Identity Security - Safeguard digital identities, enforce access controls, and manage privileged accounts. Threat Intelligence & Hunting- Leverage internal and external intelligence to proactively identify and mitigate emerging threats. Application Security- Embed security into the software development lifecycle and protect applications against vulnerabilities. Vulnerability Management - Continuously identify, assess, and remediate vulnerabilities across IT, OT, and cloud environments. Cybersecurity Strategy, Architecture & Program Strategy - Define the long-term cybersecurity vision and align it with business and digital transformation goals. Strategic Initiatives - Drive group-wide programs such as Zero Trust, cloud security, and OT/ICS security modernization. Architecture - Establish and govern enterprise security architecture standards across IT, OT, cloud, and applications. Data Security & Privacy Web Security - Protect enterprise web applications and gateways against exploits, malware, and unauthorized access. Engineering Incident / Request Resolution - Provide timely resolution of security-related incidents and requests raised by business or IT teams. Policy Effectiveness- Ensure security policies are practical, up to date, and effectively enforced across the organization. DLP Incident Response & Resolution - Monitor, investigate, and resolve data loss prevention alerts to prevent sensitive data exfiltration. Data Classification - Protect sensitive business and customer data through classification, encryption, and retention controls. Data Privacy - Implement consent management, anonymization, and data minimization practices and Conduct regular Privacy Impact Assessments (PIAs) for new initiatives. Risk and Compliance Governance - Establish cybersecurity governance structures, policies, and oversight aligned with business objectives. Risk Management - Identify, assess, and prioritize cyber risks, integrating them with enterprise risk management frameworks. Third-Party Risk Management - Evaluate and monitor security posture of vendors, partners, and supply chain entities handling sensitive data. Compliance - Ensure adherence to regulatory, legal, and industry-specific security standards across geographies. Mitigation Task Completion - Ensure timely closure of identified risks, vulnerabilities, and incident-driven corrective actions. Awareness & Training Security Training & Awareness Campaigns - Develop structured programs and campaigns to build a security-first mindset across the organization. CISSP, CISM, OSCP, CCSP, cloud security). Trainings - Provide continuous learning opportunities through internal/external training programs, workshops, and knowledge-sharing sessions. Tools and Technology Training - Ensure hands-on expertise in deployed security tools, platforms, and emerging technologies to strengthen operational effectiveness. Group CDIO and IT Business Partners IT Infrastructure & IT Applications Support Risk Management, Legal & Compliance HR (for awareness and training) 5, EDUCATION & EXPERIENCE BE / B-Tech/ M-Tech/MBA or MCA from a reputed university. Experience Range: 15-20 years Desirable experience: ~15–20 years in IT/OT Security, with at least 7 years in leadership roles ~ Exposure to large, diversified conglomerates with global operation ~ Proven track record in building security strategy and incident response at scale ~ Experience of working in Pharma Industry is desirable Cybersecurity Frameworks & Standards Risk Management Cloud Security Expertise in AWS & Azure security controls; Network & Infrastructure Security Data Security & Privacy Governance, Risk, and Compliance (GRC)