IT Security Manager

Job Description

Gurgaon 1 7 to 11 years Full Time About the Role We are hiring an experienced IT Security Manager to lead our enterprise-wide security initiatives in the Banking & Financial Services domain. You will be responsible for defining and enforcing security standards across applications, infrastructure, data, and user environments, ensuring compliance with RBI and other regulatory requirements. This is a strategic and hands-on role suited for a security leader who understands the unique challenges of financial systems and enterprise-grade IT infrastructure. Key Responsibilities Define and implement enterprise-level security policies, frameworks, and controls aligned with RBI guidelines, ISO 27001, and other BFSI regulations. Lead end-to-end security operations: vulnerability management, threat detection, incident response, and security monitoring. Work closely with Compliance, DevOps, Cloud, and Infrastructure teams to embed security into all layers of IT. Oversee data protection and privacy efforts, including encryption, data classification, DLP, and secure data sharing. Conduct regular internal/external audits, third-party risk assessments, and compliance checks. Establish and manage Identity & Access Manage enterprise security tools such as SIEM, endpoint protection, firewalls, IDS/IPS, and antivirus. Lead employee security awareness and training programs across the organization. Coordinate with regulators, auditors, and client teams for security reviews and certifications. Stay updated with BFSI-specific cyber threats and regulatory changes. Required Skills & Qualifications Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. 7+ years of experience in IT Security, with 3+ years in a BFSI or regulated enterprise environment. Strong knowledge of RBI cybersecurity guidelines, ISO 27001, NIST, SOC 2, and data privacy laws (DPDP/GDPR). Experience in securing enterprise applications (core banking, lending, payments, etc.) and cloud infrastructure (AWS, Azure). Hands-on experience with tools like SIEM, WAF, EDR, DLP, IAM, vulnerability scanners, and endpoint security platforms. Deep understanding of network security, application security (including mobile/web), and secure SDLC practices. Security certifications preferred: CISSP, CISM, CEH, CRISC, ISO 27001 Lead Implementer/Auditor.