Manager - Information Security

What youll be doing (Job responsibilities for this role)

Regulatory Compliance & Governance

1. Ensure adherence to

   Reserve Bank of India (RBI)

   cybersecurity directives and other applicable regulatory frameworks.
2. Lead internal audits and coordinate with external auditors for compliance assessments.
3. Maintain up-to-date documentation and evidence for regulatory inspections and certifications.

2. Vulnerability & Risk Management

1. Oversee the

   vulnerability management lifecycle

   , ensuring timely identification, prioritization, and remediation of security gaps.
2. Collaborate with IT and development teams to implement and track remediation plans.
3. Conduct periodic risk assessments and report findings to senior leadership.

3. Secure Configuration & Architecture

1. Define and enforce

   secure configuration baselines

   for systems, applications, and network devices.
2. Review architecture and design of new systems to ensure alignment with security best practices.

4. External Certifications

1. Lead and manage certification processes such as

   ISO 27001

   ,

   PCI DSS

   , and other relevant standards.
2. Ensure continuous compliance and readiness for surveillance and recertification audits.

5. Data Loss Prevention (DLP)

1. Manage and monitor

   DLP policies

   to prevent data leakage and unauthorized access.
2. Investigate and respond to DLP alerts in coordination with relevant teams.

6. Security Assessments & Incident Response

1. Conduct security assessments for new applications, third-party integrations, and infrastructure changes.
2. Support incident response planning, execution, and post-incident reviews.

7. SIEM & Threat Detection

1. Oversee the development and optimization of

   SIEM use cases

   to enhance threat detection and response.
2. Work with SOC teams to ensure effective monitoring and alerting.

8. Training & Awareness

1. Design and deliver

   security awareness programs

   to foster a security-first culture across the organization.
2. Conduct targeted training for high-risk departments and roles.

9. Leadership & Collaboration

1. Actively participate in the

   Information Security Steering Committee

risk ownership and accountability

What youll need to bring along

1. 10 - 12 years experience in information security and Technology professional
2. Bachelors degree in information security, Computer Science, or a related field.
3. Certification in security (CISA, CISM, CISSP) is a strong plus
4. Proven experience in regulatory compliance, vulnerability management, and secure configurations.
5. Strong knowledge of ISO 27001 and PCI DSS certification processes.
6. Excellent communication and interpersonal skills, with the ability to conduct effective training sessions.
7. Experience with DLP tools and technologies.
8. Ability to conduct thorough security assessments and provide actionable recommendations.
9. Experience with SIEM tools and use case development
10. Excellent analytical skills with the eye for details
11. Multi culture mindset and flexibility, able to work in an international environment