Information Security Manager

Job Description

PURPOSE OF THE POSITION: We are looking for a highly skilled Information Security Manager to lead and implement ISO 27001 compliance, cybersecurity strategies, and risk management within our organization. The ideal candidate will establish and maintain security policies, manage information security risks, and ensure compliance with regulatory standards like SOC2, GDPR, and NIST frameworks. ROLES & RESPONSIBILITIES: ISO 27001 Implementation & Compliance: - Develop, implement, and maintain an Information Security Management System (ISMS) aligned with ISO 27001 standards. - Conduct ISO 27001 gap analysis, risk assessments, and audits to ensure compliance. - Define and enforce information security policies, procedures, and controls to safeguard data integrity, confidentiality, and availability. - Drive ISO 27001 certification efforts, ensuring successful audits and continuous improvements. - Lead security awareness training programs for employees to enhance the organization's security posture. Cybersecurity Strategy & Risk Management: - Develop and implement a cybersecurity strategy to protect against threats, vulnerabilities, and attacks. - Conduct regular penetration testing, vulnerability assessments, and security audits to identify and mitigate risks. - Implement Zero Trust architecture, access control mechanisms, and security best practices across IT infrastructure. - Monitor threat intelligence, security incidents, and cyber threats, responding with effective mitigation strategies. - Ensure security of cloud infrastructure (AWS, Azure, GCP) by enforcing IAM policies, encryption, and secure configurations. - Establish and manage a Security Incident Response Plan (SIRP) for rapid threat detection and mitigation. Regulatory Compliance & Governance: - Ensure compliance with ISO 27001, SOC2, GDPR, NIST, PCI-DSS, and other industry security frameworks. - Collaborate with internal teams to align security policies with business operations and regulatory requirements. - Work with external auditors and security consultants to maintain compliance certifications and regulatory audits. - Develop and maintain security metrics, dashboards, and reports for leadership and regulatory bodies. Security Operations & Monitoring: - Oversee SIEM (Security Information and Event Management) solutions for real-time threat detection. - Implement and manage Intrusion Detection & Prevention Systems (IDS/IPS), firewalls, and endpoint security solutions. - Develop and enforce incident response, disaster recovery, and business continuity plans. - Ensure data protection, encryption, and secure backup strategies are in place for all critical systems. EDUCATIONAL QUALIFICATION: Any Technical Degree BTech., B.E. BCA, MCA will be preferred. REQUIRED SKILLS & QUALIFICATIONS: - 5+ years of experience in information security, cybersecurity, or compliance roles. - Strong expertise in ISO 27001 implementation, auditing, and certification. - Hands-on experience with security risk assessments, vulnerability management, and threat modeling. - Deep understanding of cybersecurity frameworks (SOC2, NIST, CIS, GDPR, PCI-DSS). - Experience with SIEM solutions (Splunk, ELK, QRadar, or similar) for security monitoring. - Knowledge of firewalls, IDS/IPS, endpoint protection, and cloud security best practices. - Strong understanding of IAM, network security, encryption, and access control policies. - Certifications like CISM, CISSP, CISA, CEH, ISO 27001 Lead Auditor/Implementer are highly preferred. - Strong problem-solving, communication, and stakeholder management skills. PROFESSIONAL ATTRIBUTES: - Strong interpersonal and communication skills, being an effective team player, being able to work with individuals at all levels within the organization and building remote relationships. - Excellent English skills and experience working within a multi-location team. - Excellent prioritization skills, the ability to work well under pressure, and the ability to multi- task. - Ability to work independently with minimal supervision and to resolve problems on non-routine matters. WHY JOIN US? - Opportunity to be part of a rapidly growing, innovative product-based company. - Collaborate with a talented, driven team focused on building high-quality software solutions. - Competitive compensation and benefits package. Show more Show less