Associate Manager IT APOC

Job Title

Manager Information Security & ITSM Governance

Job Purpose

Responsible for managing Information Security activities and ITSM processes related to Airport IT Operations, ensuring security, quality, and compliance of systems, services, and processes. Ensure IT process alignment with business and stakeholder requirements. Govern confidentiality, integrity, and availability of systems and services, adhering to regulatory and statutory requirements.

Organization Chart

Key Accountabilities & Performance Indicators

Strategy & Governance

Reduce the gap between current and desired security states to acceptable risk levels. Roll out corporate initiatives as per guidelines. Propose, review, and recommend cost-effective security solutions. Design and review security architecture and policy effectiveness. Define and track security performance metrics.

No of Reviews No of Architectural Changes

Information Risk Management

Asset classification and Business Impact Assessments. Threat and Vulnerability Evaluation. Risk assessment and risk mitigation strategies. Implement security controls and countermeasures. Integrate risk management into the information lifecycle. Formulate and review Risk Acceptance Criteria.

No of Risks Identified/Mitigated No of Critical Incidents

Information Security Program Development & Management

Identify and evaluate new security technologies and trends. Align security architecture with evolving business needs. Develop and implement security policies, standards, and procedures. Embed security requirements into contracts and vendor management. Design, implement, and report security metrics.

No of deviations from Policy Percentage of Compliance

Information Security Incident Management

Manage Security Operations Center (SOC). Escalate unresolved security incidents. Conduct and report penetration and vulnerability tests. Review security logs and coordinate forensics and analysis with vendors.

SLA Compliance Percentage of Critical Incidents Impact on CIA (Confidentiality, Integrity, Availability)

IT Service Delivery & Support

Implement Plan, Do, Check, Act management system. Design and roll out ITIL-compliant processes. Define and track KPIs and SLAs. Support RFP floating and vendor proposals. Conduct customer satisfaction surveys and complaints management.

No of Service Improvements Percentage of Backlogs (Problems/Changes) Adherence to BCP (Business Continuity Plan)

IS/IT Audit Process Management

Conduct ISO 20000/27001 internal and external audits. Review audit findings and implement corrective actions. Improve management systems and ensure regulatory compliance.

Compliance with Standards Number of Non-Conformities (NCs)

External Interactions

Regulatory Agencies and Airlines: Information security approvals, NDAs, compliance reporting. Vendors: Security policy compliance, procurement, vulnerability assessments, SLA reviews. Implementation Partners: Ensure security compliance with data privacy regulations. OEMs: Performance reviews, SLA tracking, security audits.

Internal Interactions

Business Units: Ensure security policy alignment and regulatory compliance. HR and Compliance: Access controls, pre-entry/exit protocols, incident reporting. Joint Venture Partners: Security alignment, awareness programs, SLA reviews. Corporate IT and CISO: Implement best security practices.

Financial Dimensions

OPEX Management SIEM log monitoring and compliance Cost optimization and revenue assurance activities

Other Dimensions

Team Size: 1 Customers Supported: 130 End Users: 1000+ staff (HIAL, GADL & other airport companies)

Education Qualifications

Required B.E. (Computers / Electronics / IT) Postgraduate in Computer/IT CRISC / CISA / CISM certification

Desirable MBA

Relevant Experience

9-11 Years in IT with at least 8 years in Information Security, Quality, and Assurance functions