IT Security Manager -- Operations and Engineering

Job Title: Manager, IT Security - Operations and Engineering

Location: Hyderabad

Company: TechBlocks

Position Overview:

We are seeking a strategic leader for the role of Manager, IT Security - Operations and Engineering. This position is crucial for safeguarding TechBlocks' global network and broader digital ecosystem. You will lead the implementation of robust operational controls, manage security engineering initiatives, and work closely with engineering teams and ecosystem partners to maintain and enhance our information security standards.

Key Responsibilities:

Lead and Operate the Function:

• Continuously assess and optimize security tools to align with emerging threats and risks.
• Research and deploy state-of-the-art security solutions and innovative management techniques to mitigate risks.
• Contribute to security program planning, budgeting, and monitoring.
• Facilitate financial and regulatory IT audits, drive PCI/PPI compliance, and achieve high service level availability through regular security monitoring, scanning, and audit coordination
• Monitor external threat environments, advising stakeholders on appropriate actions.
• Develop and maintain incident response plans to ensure efficient detection, response, and recovery from security incidents.
• Lead the response to security incidents from detection to post-incident review, coordinating with internal and external stakeholders.
• Oversee daily security operations, including monitoring, logging, and analyzing security events and incidents.
• Help implement new industry specific security frameworks for a technology organization
• Identify security design gaps in TechBlocks existing security posture and propose architectural enhancements or changes
• Work closely with internal teams and third-party providers to ensure seamless integration and effectiveness of security technologies and processes
• Manage and optimize partnerships with external managed services and consulting firms.
• Own and manage various security technologies to ensure the highest standard of security
• Own and manage vulnerability management, including performing monthly Microsoft patch scans and quarterly vulnerability assessments, reporting results to management, and championing the remediation process.
• Develop, improve and manage data-driven metrics reporting on key performance indicators including anti-virus statistics, management of cyber incidents and operational activities

Set the Strategy:

• Evolve the security strategy in alignment with corporate vision, business objectives, and risk management goals.
• Implement processes to attract and retain high-performing security professionals.
• Establish and improve Key Performance Indicators (KPIs) and metrics aligned with overall corporate objectives and key results (OKRs).

Governance & Knowledge Building:

• Contribute to security governance, including executive committees, risk management, and board reporting.
• Develop and socialize security policies and operational processes with application management teams to ensure timely vulnerability management.
• Provide reports and updates to senior management on security posture, risks, and incidents.

Screening Criteria:

• Degree in Information Security, Technology, or related field (or equivalent experience).
• Minimum 10 years of combined experience in risk management, security, and IT roles.
• At least 5 years of experience in leading security incidents across various technologies and ecosystems.
• Proven experience in managing high-performing security operations and engineering teams.
• Proven experience in vulnerability management, application security, and cloud technologies.
• Advanced knowledge of infrastructure and applications technology, particularly Azure, GCP, AWS, Windows, Linux, and related security tools.
• Strong track record in developing and executing cybersecurity programs and policies.
• Strong knowledge of security tools and infrastructure.
• Strong implementation experience of security frameworks such as ISO/IEC 27001, NIST, SOC 2 etc.
• Excellent communication, leadership, and stakeholder management skills.
• Ability to work effectively in a dynamic, fast-paced environment.
• Fluent in English.

Assets:

• Professional certifications such as CISSP, CISM, or CISA.
• Senior Leadership Certifications.