Manager - Information Security

Please note this is an urgent requirement.

Job Summary:

We are seeking a forward-thinking and experienced Manager – Information Security to lead our enterprise-wide security posture across on-premise, cloud, and third-party environments. The candidate will be responsible for managing security governance, technical controls, incident response, data protection, and regulatory compliance while also enabling secure digital transformation initiatives.

This role demands strong technical acumen, leadership capabilities, and deep understanding of both global and local regulatory frameworks, such as ISO 27001, PCI DSS, DPDPA, and GDPR.

Key Responsibilities: Security Governance & Compliance

• Develop, maintain, and enforce security policies, standards, and procedures aligned with ISO 27001, NIST CSF, PCI DSS, DPDPA, GDPR, and CCPA.
• Lead periodic internal risk assessments, audits, and ensure timely closure of findings.
• Manage regulatory and third-party security audits, and track risk remediation activities.
• Drive organization-wide security awareness and training programs.

Security Operations & Incident Response

• Lead security incident response, including triage, root cause analysis, and reporting.
• Oversee SIEM/SOAR platforms (e.g., Splunk, Sentinel, QRadar) and coordinate with SOC teams for threat detection and response.
• Own and regularly test Cyber Crisis Management Plan (CCMP) and DR/BCP cyber resilience procedures.

Cloud, Network & Infrastructure Security

• Ensure secure deployment and configuration of cloud platforms (AWS, Azure, GCP) using CSPM tools (e.g., Prisma Cloud, AWS Security Hub).
• Oversee network security controls across firewalls (Palo Alto, SonicWALL), VPN, NAC, and segmentation.
• Review cloud workload protections, IAM roles, VPC designs, and encryption management (KMS, Azure Key Vault).

Identity, Access & Data Protection

• Manage Identity and Access Management (IAM) systems, enforcing RBAC, MFA, SSO, and least privilege principles.
• Implement and monitor Data Loss Prevention (DLP) tools across endpoints, cloud services, and email.
• Ensure strong data classification, encryption at rest/in transit, and compliance with data retention policies.

DevSecOps & Application Security

• Collaborate with DevOps and engineering teams to embed security in the SDLC, enabling DevSecOps practices such as code reviews, pipeline scanning, and container security.
• Support secure design reviews and threat modeling for new applications or major changes.

Third-Party & Supply Chain Security

• Lead vendor security evaluations, contract reviews, and third-party risk assessments.
• Implement ongoing monitoring of vendor performance and regulatory compliance.
• Maintain an approved list of vendors with documented security controls.

Security Metrics, Strategy & Reporting

• Define and track KPIs, KRIs, and compliance dashboards for executive and board-level reporting.
• Own and drive the execution of the Information Security Program, aligned with business goals and regulatory mandates.
• Provide guidance to business and IT stakeholders to ensure secure digital enablement.

Required Qualifications & Experience:

• Bachelor's degree in Computer Science, Information Security, or related field.
• 7–10 years of relevant InfoSec experience with 2+ years in a leadership/managerial role.
• Industry certifications: CISSP, CISA, CEH, ISO 27001 Lead Auditor/Implementer (any two strongly preferred).
• Strong hands-on and strategic experience with:
• Security frameworks: ISO 27001, NIST, PCI DSS, GDPR, DPDPA
• Tools: SIEM, EDR/XDR, DLP, IAM, CSPM, SAST/DAST
• Platforms: AWS, Azure, GCP
• Controls: Firewall, VPN, NAC, Encryption, DevSecOps pipelines

Key Skills:

• Information security leadership across multi-cloud and on-prem environments
• Risk management and compliance
• Security incident and crisis handling
• Secure architecture and DevSecOps collaboration
• Third-party and supply chain risk governance
• Excellent communication, reporting, and cross-functional influence

Job Types: Full-time, Permanent

Pay: Up to ₹1,300,000.00 per year

Benefits:

• Health insurance
• Paid sick time
• Provident Fund

Ability to commute/relocate:

• Lower Parel, Mumbai, Maharashtra: Reliably commute or planning to relocate before starting work (Preferred)

Application Question(s):

• How many years of relevant experience you have?
• Have you done setup of policies for DAM, XDR, DLP, PAM, IAM based on use cases.
• How many years of experience you have in devsecops.
• How many years of experience you have in managing the information security audits.

Willingness to travel:

• 25% (Preferred)

Work Location: In person