Lead - Information Security Operations

Job Summary:

We are seeking a seasoned Information Security Operations professional to lead and manage enterprise-wide security operations. This role encompasses Identity and Access Management (IAM), Vulnerability Management (VM), Patch Management (PM), Mobile Device Management (MDM), DAM, Endpoint Security, On-Prem Server Security, Vulnerability Assessment (VA), Penetration Testing (PT).

Key Responsibilities:

Security Operations

• Lead and manage day-to-day security operations across all security domains.
• Review and approve security access requests and change management tickets.
• Collaborate with stakeholders to ensure security requirements are met before approvals.
• Ensure all approvals are in line with internal security policies, standards, and regulatory requirements.
• Continuously improve the security approval workflow for efficiency and transparency.

Identity & Access Management (IAM)

• Design, implement, and manage IAM solutions using Microsoft suite Entra ID, Active Directory, and Microsoft 365.
• Define and enforce role-based access controls (RBAC), least privilege principles, and access governance.
• Manage IAM lifecycle processes for user identities, including provisioning, de-provisioning, and access reviews.
• Implement and manage Microsoft PIM for privileged access control.
• Configure and maintain Conditional Access policies to enforce secure access based on risk signals.
• Manage multi-factor authentication (MFA), single sign-on (SSO), and federation services (AD FS, SAML, OAuth).
• Integrate third-party applications with Microsoft IAM solutions.
• Ensure IAM solutions comply with internal policies and external regulations (e.g., GDPR, DPDP).
• Conduct periodic user reconciliation, access reviews and audits to ensure compliance and reduce risk.
• Develop and maintain automation scripts and workflows for IAM processes using PowerShell and Microsoft Graph API.
• Integrate IAM with ITSM tools (e.g., ServiceNow) and other enterprise systems.
• Investigate and resolve IAM-related incidents, service requests and provide expert-level support for IAM issues across the organization.

Vulnerability & Patch Management

• Manage vulnerability scanning tools, conduct regular VA/PT exercises internally and with third-party vendors.
• Manage vendor relationships for external PT engagements. Review and validate findings, ensuring timely mitigation.
• Coordinate with IT teams to ensure timely patching of systems and applications.
• Define and implement data access policies and standards across business units.
• Manage access provisioning, de-provisioning, and periodic access reviews for critical data systems.
• Ensure least privilege and role-based access principles are enforced.

DAM Operations Management

• Oversee day-to-day DAM operations including request handling, approvals, and escalations. Monitor and report on access control effectiveness and anomalies.
• Collaborate with IAM, IT, and data governance teams to align access controls with business needs.
• Ensure DAM practices comply with regulatory requirements
• Support internal and external audits by providing access logs, reports, and evidence.
• Identify and mitigate risks related to unauthorized data access.
• Work closely with data owners, custodians, and business leaders to define access requirements.

Metrics & Reporting

• Develop KPIs and dashboards to track security platform IAM, DAM, VM, PT and patching performance, access trends, and compliance posture.
• Present regular updates to senior leadership and governance committees.

Qualifications:

• Bachelors or Master's degree in Computer Science.
• Experience in Managing Information Security operations for large enterprise for 10+ years.
• Proven experience in managing large-scale security operations.
• Strong understanding of regulatory frameworks and compliance standards.
• Managed a Team of 5-7 people.

Skills:

• Expertise in security tools: Microsoft Suite Entra ID, Active Directory, and Microsoft 365, PIM, PAM, IAM, DAM, EDR, IAM, VM scanners, MDM platforms.
• Strong analytical and problem-solving skills.
• Excellent communication and stakeholder management abilities.