Information Security Manager

6 days ago


Pune, Maharashtra, India Cogneesol Full time ₹ 12,00,000 - ₹ 24,00,000 per year

Information Security Manager – Job Description

Location: Pune

Department: Security & Risk (GRC + SecOps)

Role Summary

The Information Security Manager oversees the entire security program, including governance, risk, and operations. They turn policy and audit findings into implemented, evidence-based controls that lower business risk. The role manages the policy framework and exception process, maintains the enterprise risk register and residual-risk approvals, and manages SecOps: onboarding logs to SIEM/XDR, developing a priority detection catalog, automating ticketing for P1/P2 alerts, and leading incident response with chain-of-custody and post-incident reviews. They deliver network and UPS segmentation (VLAN/ACL blueprint, locked management planes, drift control), enforce BYOD/remote access policies (Conditional Access, MDM/EDR, full-disk encryption, MFA, monthly access attestation), and encourage verified vulnerability scanning with patch SLAs linked to change management (pre-backup, rollback, validation evidence). The manager aligns data governance, system management, BCP, physical/visitor controls, and third-party security requirements, ensuring supplier due diligence and breach notification obligations are met. Daily, the ISM publishes clear runbooks, coordinates change and maintenance windows, verifies control effectiveness with artifacts, and reports concise KPIs to leadership, making sure risk, cost, and uptime trade-offs are transparent and justified.

Key Responsibilities

1) Governance, Risk & Policy (GRC) — hands-on author and enforcer

  • Own the Policy Governance & Framework: versioning, invocation/revocation, annual reviews, acknowledgments, cross-policy consistency.
  • Run the exception program: risk assessment, compensating controls, SoD (requester ≠ approver), time-bounded exceptions with auto-reminders and auto-expiry.
  • Maintain the Risk Register linked to assets, owners, and evidence; drive quarterly risk review, residual risk acceptance, and recalibration of risk criteria.
  • Align and cross-reference policies (Network, System Mgmt, Data Gov, Incident, BCP, Physical/Visitor, Change). Draft or refactor standards/SOPs where gaps exist.

2) Security Operations (SecOps) — SIEM/XDR builder/operator

  • Stand up log engineering end-to-end: parsers, normalizations, field mappings, and pipeline health for firewalls, switches, endpoints, servers, identity, and SaaS.
  • Curate a priority use-case catalogue (minimum 12 to start): admin logins, failed-admin bursts, config changes, privilege escalation, EDR tamper, malware, VPN anomalies, unusual egress, lateral movement, disabled security tooling, new device on secure VLAN, account lockout spikes.
  • Wire P1/P2 auto-ticketing to ITSM, define on-call, publish triage/runbooks, and run weekly tuning with false-positive reduction.

3) Network & Segmentation / Access Controls — architect + implementer

  • Deliver the VLAN/ACL blueprint (Prod, User, Guest, Voice, IoT/Facilities, Management) with L3 least-privilege flows; enable DHCP snooping/ARP inspection.
  • Lock management planes: mgmt VLAN unroutable from user/guest; SSHv2/HTTPS/SNMPv3 only; AAA/RBAC; jump-host for admin + MFA; config baselines + drift detection.
  • Lead segmentation: separate rails for Perimeter, Core/Distribution, Server Room, CCTV; circuit labeling; runtime targets; failover validation; runbook publication.

4) Identity, BYOD & Remote Access — control the edge

  • Publish and enforce Remote Access & BYOD standards (CA conditions, device compliance, EDR, FDE, jailbreak/root detection, session controls).
  • Implement Conditional Access: device-based access, risk-based sign-in blocks, geolocation and impossible-travel filters.
  • Run monthly access reviews with auto-deprovisioning; ban unmanaged VPN; force admin work through jump-hosts only.

5) Vulnerability, Patch & Change Management — evidence before elegance

  • Operate authenticated scanning across server/endpoint/network scopes; prioritize by exploitability and business criticality.
  • Enforce patch SLAs (Critical 7d / High 15d / Medium 30d) with exceptions time-boxed.
  • Tie remediation to Change Mgmt: pre-change backup, rollback plan, maintenance window, post-change validation evidence attached to the ticket.

6) Incident Response & Business Continuity — from first hour to PIR

  • Own the IRT charter: severity matrix, SLAs (ack, containment, RCA), comms matrix (internal/external), and evidence handling (chain-of-custody).
  • Drive containment (EDR isolate, ACL block, credential reset), eradication (image rebuild), recovery (gold images, restore tests).
  • Run PIRs (P1/P2 within 5 biz days), translate lessons into use-cases, SOPs, patches, or architecture changes; align with BCP drills (table-top/partial/full).

7) Awareness, Internal Audit & Third-Party Risk — close loops

  • Targeted awareness campaigns tied to incidents (phishing simulations, micro-learning, manager briefings).
  • Coordinate internal audits, define CAPA with owners/dates, verify closures; escalate aging NCs.
  • Oversee supplier security checks (pre-engagement DD, contract exhibits, breach notification SLAs, flow-down obligations, periodic re-cert).

Required Qualifications (what we actually need you to have done)

  • 7–10 years in security with 3+ years leading GRC or SecOps initiatives that shipped real changes (not just advisory).
  • Proven delivery of at least two of the following, end to end:
      • A segmentation project (VLAN/ACL blueprint, implementation, test/rollback).
      • A SIEM/XDR rollout (log onboarding, correlation rules, auto-ticketing, on-call).
      • BYOD/Remote Access enforcement (CA/MDM/EDR/FDE) with posture blocks.
      • A patch SLA program tied to change control and evidence.
      • Incident Response for a P1/P2 event with PIR and durable control changes.
  • Strong working knowledge of ISO 27001/27002, NIST CSF/800-53, CIS Controls, and enterprise ERM; can map findings to controls and show evidence.

Education & Certifications (preferred):

  • Bachelor's in CS/IT/Engineering (or equivalent experience).
  • CISM / CISSP strongly preferred; ITIL, Azure/AWS security, GIAC a plus.

Skills & Competencies (practitioner-level)

  • Architect–Operator mindset: can whiteboard the target state and then implement it safely in production.
  • Detection engineering: write/tune rules; reduce noise; measure dwell time.
  • Network fluency: routing/switching, ACLs, DHCP snooping/DAI, mgmt plane security, VPN modes (full vs split), HA patterns.
  • Identity & endpoint: Conditional Access, device compliance, MDM policy sets, EDR isolation, FDE.
  • Change discipline: rollback plans, pre-change backups, validation evidence, emergency change documentation.
  • Communication: converts technical risk to business impact; writes clear RCAs, runbooks, and executive summaries.
  • Evidence obsession: if it's not documented with artifacts, it didn't happen.

Tooling Exposure (broad, not brand-bound)

Perimeter/Network

  • Firewalls: Fortinet, Palo Alto, Check Point, Cisco ASA/FTD (policy sets, NAT, IPS/AV, SSL intercept basics).
  • Switching/WLAN: Cisco Catalyst/Meraki, Aruba, HPE/Netgear (VLANs, LAGs, 802.1X/EAP-TLS, guest isolation).
  • Network services: RADIUS/TACACS+, SNMPv3, NTP, syslog, NetFlow/sFlow/IPFIX.

Identity & Endpoint

  • IdP: Microsoft Entra ID/Azure AD, Okta, Ping (SSO, SCIM, CA policies).
  • MDM/UEM: Intune, Jamf, Workspace ONE (compliance, profiles, app protection).
  • EDR/XDR: Microsoft Defender for Endpoint, CrowdStrike, SentinelOne, Trellix (policies, isolate, exclusions, tamper protection).
  • Disk encryption: BitLocker, FileVault; secret management: vaults (Akeyless, HashiCorp, KeePass/enterprise equivalents).

Monitoring & Response

  • SIEM: Wazuh/Elastic, Sentinel, Splunk, QRadar, Sumo (data connectors, KQL/SPL, correlation, UEBA basics).
  • SOAR/Automation: native playbooks or tools (Sentinel Logic Apps, Splunk SOAR, Cortex XSOAR) to open/route tickets and enrich alerts.
  • Forensics/Triage: Velociraptor, KAPE, Sysmon, Sysinternals, Windows Eventing, Brim/Zeitgest for pcap/Zeek basics.

Vulnerability/Patch/Config

  • Scanners: Tenable/Qualys/Rapid7 (authenticated scans, API exports).
  • Patch: WSUS/SCCM/Intune/Azure Update Mgmt, Linux repo mgmt (apt/yum/zypper).
  • Config mgmt: Ansible/Salt/PowerShell DSC; backup & drift tools (rancid/oxidized, GitOps patterns).
  • Compliance as code (nice to have): OpenSCAP, Chef InSpec, Azure Policy.

Cloud & SaaS

  • Azure/AWS/GCP security guardrails (security groups/NSGs, IAM, key management, logging).
  • SaaS hardening (M365/Google Workspace): MFA, DLP, safe links/attachments, audit logs, OAuth app governance.

