Manager - IT Security

JOB SUMMARY

The Information Security Manager is responsible for developing, implementing, and maintaining the organizations information security framework, policies, and controls. The role ensures the confidentiality, integrity, and availability of information assets across IT and OT environments, while aligning security initiatives with business objectives and regulatory requirements.

Key Result Areas:

1. Information Security Strategy & Governance

2. Develop and maintain a comprehensive IT & OT security strategy aligned with organizational objectives.

3. Define, review, and update information security policies, standards, procedures, and SOPs.

4. Benchmark security controls with industry standards and regulatory requirements.

5. Security Control Deployment & Technology Integration

6. Implement and oversee IT & OT security controls across infrastructure, applications, and cloud environments.

7. Ensure that new technologies and projects incorporate security-by-design principles.

8. Prioritize security initiatives based on risk impact and business requirements.

9. Security Operations & SOC Management

10. Manage day-to-day security operations including monitoring, incident detection, and response.

11. Operate and improve SOC capabilities (threat intelligence, SIEM, log monitoring, and vulnerability management).

12. Coordinate vulnerability scans, configuration reviews, and patch management cycles.

13. Compliance, Audit & Regulatory Adherence

14. Ensure compliance with applicable laws, regulations, and standards (e.g., ISO 27001, NIST, IT Act, CEA Guidelines).

15. Coordinate with internal/external auditors and manage closure of audit findings.

16. Ensure accurate and timely regulatory reporting to government agencies.

17. Risk Assessment & Vendor Management

18. Conduct security risk assessments across IT and OT systems to identify and mitigate threats.

19. Perform partner/vendor risk assessments prior to onboarding and periodically thereafter.

20. Recommend controls and countermeasures aligned with industry best practices.

21. End-User Security & Awareness

22. Define and enforce policies for end-user computing, mobile devices, and digital workplace security.

23. Conduct security awareness campaigns and training for employees and stakeholders.

24. Foster a security-first culture across the organization.

25. Incident Response & Business Continuity Support

26. Establish and manage the incident response framework including escalation paths, communication plans, and SOPs.

27. Lead post-incident analysis to identify root causes and corrective actions.

28. Collaborate with IT and business continuity teams to ensure resilience and recovery.

29. Operational Technology (OT) Security

30. Implement and manage security controls for critical OT infrastructure including SCADA/ICS systems.

31. Deploy a layered defence strategy using both technical and process-based safeguards.
32. Ensure OT systems comply with both IT security and CEA Guidelines.

Key Competencies (Technical & Behavioral):

CompetencyDescription1. Technical Expertise in Security Tools & TechnologiesProficiency in managing enterprise-grade firewalls, IDS/IPS, EDR, SIEM, DLP, email/internet security tools, and vulnerability management platforms. Experience in cloud security (AWS, Azure, GCP) and OT security environments.2. Regulatory & Compliance KnowledgeIn-depth understanding of ISO 27001, NIST CSF, GDPR, HIPAA, PCI DSS, IT Act, and CEA Guidelines. Ability to interpret compliance requirements and translate them into actionable policies and controls.3. Risk Management & AssessmentStrong capability in identifying, analyzing, and mitigating IT and OT security risks. Skilled in performing vendor/partner risk assessments and recommending industry-standard controls.4. Incident Response & Crisis ManagementExpertise in handling security incidents, breaches, and cyber crises. Ability to lead cross-functional response teams, establish SOPs, and communicate effectively during high-pressure situations.5. Leadership & Stakeholder ManagementAbility to lead security teams, mentor junior staff, and collaborate with IT, operations, compliance, and executive management. Skilled at balancing business priorities with security imperatives.6. Analytical & Problem-Solving SkillsStrong ability to assess complex environments, identify gaps, and provide practical security solutions. Experienced in interpreting security logs, performing root cause analysis, and improving defenses.7. Communication & Awareness BuildingClear communicator capable of translating technical risks into business language for executives. Experienced in conducting awareness programs, workshops, and stakeholder education.8. Project & Change ManagementSkilled in managing multiple security initiatives simultaneously. Experience in planning, prioritizing, and delivering projects that integrate security into digital transformation initiatives.

Key measures for the successful delivery of the role:

EssentialsGood to HavesProven experience in IT & OT security managementExperience in energy, utilities, or critical infrastructure sectorMinimum 58 years in information security rolesExposure to international security audits & regulatorsStrong knowledge of SOC operations and incident responseHands-on experience with cloud-native security toolsCertification in ISO 27001, CISSP, CISM, or CISAAdditional certifications like CEH, CASP, or NIST Cybersecurity Framework expertiseAbility to manage audits, compliance checks, and regulatory reportingPrior experience in leading digital workplace/EUC security programs