Senior Manager Information Security

Senior Information Security & Control Manager

Key Skills:
Information Security, Cyber Security, ISO 27001, IT Risk Assessment.

Location:
Pune

Experience:
8 – 12 years

Work Model:
5 days WFO

Budget:
26 LPA

Domain:
Payments, Banking or IT.

Job Description:

We are seeking a seasoned and strategic
Senior Manager, Information Security & Control
to lead and strengthen our cybersecurity, IT risk, and compliance initiatives. In this leadership role, you will oversee the development and execution of security governance, risk management, internal control frameworks, and compliance programs across a portfolio of client environments.

As a key advisor to executive stakeholders, you will be responsible for delivering secure, compliant, and resilient information systems by driving the alignment of cybersecurity practices with business goals, regulatory mandates, and industry standards.

Key Responsibilities:

1. Enterprise IT Risk Assessment & Control Framework Oversight

• Lead the identification, evaluation, and mitigation of IT and cybersecurity risks across infrastructure, applications, and data assets.
• Define and manage control frameworks to address key risk areas, especially in cloud, hybrid, and multi-tenant environments.
• Conduct executive-level risk assessments and deliver control strategies to reduce vulnerabilities and ensure operational integrity.
• Oversee business impact analyses, risk appetite assessments, and the integration of risk controls into broader IT governance.

2. Security Operations & Incident Oversight

• Provide strategic direction and oversight to Security Operations Center (SOC) activities and security monitoring initiatives.
• Lead high-severity incident management efforts, ensuring timely escalation, communication, and root cause analysis.
• Evaluate detection and response capabilities and implement enhancements for real-time threat intelligence and response workflows.
• Define SOC performance metrics and ensure adherence to service-level agreements and best practices.

3. Compliance Management & Regulatory Alignment

• Lead enterprise compliance efforts with international and local regulations (e.g.,
  GDPR, Law 25, PIPEDA, ISO 27001, PCI-DSS
  ).
• Develop and maintain governance models, internal controls, and audit mechanisms to ensure regulatory readiness.
• Manage client-facing and internal audit engagements, ensuring timely resolution of compliance gaps and issues.
• Act as a strategic liaison between technical teams, compliance officers, and legal counsel.

4. Data Privacy & Protection Governance

• Oversee the design and implementation of robust data protection programs, including encryption, anonymization, and access controls.
• Ensure organizational adherence to privacy laws through formal policies, data protection impact assessments (DPIAs), and secure data lifecycle management.
• Collaborate with Data Protection Officers (DPOs) and client stakeholders to operationalize privacy-by-design principles.

5. Crisis Management & Business Continuity Leadership

• Lead enterprise crisis response planning and business continuity initiatives, including scenario testing and tabletop exercises.
• Provide senior guidance during major cybersecurity incidents or breaches, ensuring minimal business disruption and timely recovery.
• Evaluate and enhance continuity plans to account for evolving threats and operational dependencies.

6. Security Awareness, Training & Stakeholder Engagement

• Develop organization-wide training programs to promote security best practices and compliance awareness.
• Deliver executive workshops and functional team training on cybersecurity risks, policy compliance, and secure operations.
• Foster a culture of accountability and security ownership across business units and client organizations.

7. Strategic Threat Intelligence & Regulatory Monitoring

• Monitor emerging cybersecurity threats, evolving attack vectors, and global regulatory developments.
• Translate external intelligence into actionable internal strategies, technology investments, and control adjustments.
• Provide forward-looking guidance to leadership and clients to stay ahead of regulatory and technological shifts.

8. Reporting, Governance, and Executive Communication

• Oversee the creation of risk dashboards, compliance status reports, and security performance metrics for executive audiences.
• Present complex security and compliance concepts to senior stakeholders in a clear and actionable manner.
• Support board-level reporting and contribute to security strategy development in alignment with corporate objectives.

Required Qualifications:

• Bachelor's or master's degree in computer science
  , Information Security, Risk Management
  , or related discipline.
• 8-14 years of experience
  in cybersecurity, IT risk management, compliance, or information security governance, with
  3+ years in managerial role
  .
• Deep expertise in regulatory standards and control frameworks, such as
  ISO 27001, NIST, COBIT, PCI-DSS, GDPR, Law 25, and PIPEDA
  .
• Strong knowledge of SOC operations, SIEM tools, threat detection, and incident response strategies.
• Proven ability to manage and influence stakeholders at all levels, including C-suite and board members.
• Preferred certifications:
  CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor
  , or equivalent.