Manager (IT Infrastructure and Security)

About the role:

Broad Responsibilities:

Responsible for overall Information Technology Services (ITS) function and in defining, implementing and documenting relevant processes, procedures and standards. This role will be in charge of establishing and maintaining an organization wide information systems, infrastructure, and security, management program to ensure that information assets are well performing, fully functional in a secure mode, adequately protected, monitors inventory tracking and renewals or upgrade requirements. This position is responsible for identifying, evaluating and reporting on information systems performance, and security risks, in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The role serves as the process manager of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information protocols and security policies.

Detailed Responsibilities:

The Manager (Information Systems and Security) undertakes IT organization's technical activities and is responsible to provide regular status and service-level reports to management. The individual should be a critical thinker, a consensus builder, and an integrator of people and processes must also be able to coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding of overall organizational business objectives. The role keeps an eye on the IT support, logistics, and security, for in-premises, and off-premises distributed and virtual workforce, and is a developing opportunity for more strategic responsibilities in due course of time, the extent of duties include but not be limited to:

IT Infrastructure Management

• Management of IT Infrastructure including Servers, Network Devices, IT Security Solutions, Databases, Cloud Services, Network Connectivity and Server Rooms
• Management of IT Service Providers to ensure services are delivered effectively
• Identification and evaluation of IT System/ security solutions to meet the objectives
• Implementation of IT systems/ security solutions covering people, process and technology to ensure effectiveness of the systems/ solutions

Delivery of Business Requirements

• Understand business requirements from ITS Department and provide effective solutions keeping in mind Policies and compliance requirements
• Timely delivery of ITS Department services to Business and other Department or clients

Information and Cyber Security

• Secure network architecture and cloud security architecture
• Ensure security of IT Setup to ensure confidentiality, integrity and availability of IT Assets
• Ensure secure configuration of various systems/ devices/ platforms under ITS Department
• Ensure systems/ devices/ platforms are timely patched and upgraded
• Ensure timely closure of any audit findings/ configuration gaps/ vulnerabilities identified
• Integrate logs of various systems/ devices/ platforms under ITS Department with central log monitoring solution
• Responsible for conducting Information Security Risk Assessment and Data Privacy Impact Assessment for ITS Department
• Contribute to define, test and revision of Security Incident Management and Cyber Crisis Management Plans
• Timely respond to security events/ alerts/ incident assigned to ITS department
• Implement changes based on the lessons learnt while handling processes/ activities like change management, security incident management etc. to ensure continual improvement in IT Security controls/ practices

Service Provider/ Vendor or Supplier Management

• Define proper scope of work (SoW), service level agreements (SLAs) for third party services
• Proper evaluation and selection of service providers who can deliver defined scope of work, service levels and meet the compliance requirements which will be applicable for the service provider
• Regular monitoring of deliverables of service providers against the defined and agreed SOW and SLA and compliance requirements
• Ensure business continuity aspects while taking into account critical services

Business continuity, Disaster Recovery and Cyber Crisis Management

• Design, implement, regular testing and continual improvement of Disaster Recovery Program
• Ensure availability of systems/ devices/ servers/ services/ data without compromising on compliance requirements and information & cyber security requirements
• Ensure DR Program supports organizations BCP Program
• Represent ITS Department in organizations BCP Program and Cyber Crisis Management Program
• Responsible for conducting Business Impact Assessment for ITS Department

Team Management

• Definition of Team structure with roles and responsibility
• Selection of Team Members suitable for the defined roles and responsibility
• Clearly communicate roles and responsibility (including information & cyber security and compliance responsibilities) of Team Members
• Ensure Team Members are timely completing training assigned to them
• Monitor/ guide Team Members to motivate to deliver their the best and grow along with
• Timely feedback on the performance
• Monitor Team Members for their suspicious behaviour

Compliance

• Provide inputs for defining policies related to IT and IT Security
• Definition and regular revision of processes, standard operating procedures (SOPs) for ITS Departments
• Ensure compliance with the organizations policies and procedures to meet regulatory requirements and contractual obligations
• Represent/ responsible for ITS Department for ensuring compliance with and continual improvement in Information and Cyber Security Practices, Data Privacy Practices and regulatory compliances
• Maintain and timely provide artifacts/ evidence to demonstrate compliance to internal and external auditors
• Ensure ITS department is always audit ready and meet the compliance requirements
• Collaborate with cross-functional teams to ensure security and compliance requirements are met

Strategy and Governance

• Capacity and performance monitoring and management of IT setup
• Support CTO is preparing and planning for IT Budget
• Actively participate and contribute to IT Governance/ Information Security Meetings to ensure continual improvements
• Assist in the development and review of security policies, procedures, and controls.
• Support risk assessments and compliance audits for regulatory and industry standards (e.g., ISO 27001, NIST, SOC 2, GDPR).
• Conduct research on regulatory requirements and industry best practices.
• Help track and document security risks, incidents, and compliance gaps.
• Assist in vendor risk assessments and third-party due diligence.
• Participate in internal security awareness programs and training sessions.
• Support the team in maintaining compliance documentation and reports.
• Collaborate with cross-functional teams to ensure security and compliance requirements are met.
• Identifying vulnerabilities, assessing security risks, and implementing risk mitigation strategies.
• Monitoring systems for security breaches, responding to incidents, and conducting post-incident analysis.
• Security Awareness Training - Educating employees about security best practices and promoting a security-conscious culture.
• Working with various stakeholders, including IT, operations, and management, to ensure alignment of security objectives.
• Audit systems and networks, and assess their outcomes; Identify problematic areas and implement strategic solutions; and plan, organize, control and evaluate IT and electronic data operations; and ensure operations, safety and security of data, network access and backup systems
• To keep up to date with IT systems and security trends, threats and control measures; and preserve assets, information security and control structures; maintain a knowledgebase as a technical reference library, systems and security advisories and alerts, information on IT trends and practices, and laws and regulations.
• To be proactive in making recommendations for updates to policies & procedures as required.
• Manage the day-to-day activities of IT infrastructure performance and associated threat and vulnerability management; conduct technical vulnerability assessments of IT systems/processes, identify vulnerabilities and risks, and to make recommendations to control any threats and to ensure solutions are implemented.
• To respond rapidly and effectively to operational IT components of incident management, including detection, response and reporting; including computer forensics for evidence gathering and preservation and efficient liaison with external and law enforcement agencies as/when required
• To be responsible for the coordination of regular Information systems performance and security reviews in the organization, and with partner organizations, by conducting assessments for systems, processes and infrastructure, and making recommendations to minimize risks identified.
• Assure all IT activities are performed within the parameters of policies, applicable laws, and regulations
• Ensure smooth, reliable and resilient IT services; and analyse business requirements by partnering with key stakeholders, including technology, audit, legal, HR and others, across the organization to develop solutions for IT needs, as required
• Proactively engage in the planning and implementation of business continuity plan /disaster recovery plan
• Handle business-critical IT tasks and systems administration; and continuously analyse current process, technologies, and vendors to identify opportunities for improvement
• Manage outsourced vendors that provide information systems, infrastructure, and security functions, for compliance with contracted service-level agreements
• Develop and monitor annual IT budgets, manage variances, and ensure cost effectiveness, and periodic maintenance and renewal/upgrades plans
• To work closely with the management to assist and provide inputs to ensure that organizational policies and procedures for Information Security are effective and compliances are adhered to.
• To oversee the ISS information security risk-register and carry out actions to mitigate risks identified
• To manage other activities that may arise through evolution, growth or restructuring
• Train employees on both software and hardware, troubleshoot, and provide technical support when needed
• Inspire continuous improvement of all IT team processes and initiatives: Continually driving operational excellence
• Define a comprehensive security roadmap that includes cutting edge trends within Applications, APIs, Data networks; and help our clients mitigate known risks and pre-empt unknown threats to safeguard data, networks, people and assets
• To work in a mixed Windows and Unix software environment. Manage the instances of cloud infrastructure services and the multiple cloud servers. Leads, oversees and maintains, multiuser computing environment as per the requirements of the organization.

Preferred Knowledge, Skill & Ability:

• Certification in ITIL4 is desired (or should be willing to learn and apply ITIL4 standards on the job to demonstrate equivalent competence)
• Certification in ISO 2700x series for ISMS as internal auditor, is desired (or should be willing to learn and apply the standards/requirements on the job to demonstrate equivalent competence)
• Excellent knowledge of technical management, information analysis and of computer hardware / software, servers, and networking systems
• Expertise in Linux (Ubuntu) operating systems, data management, and security governance is required
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• Exhibit excellent analytical skills, along with validated problem-solving ability, to work well in a demanding and dynamic environment and planning skills, to meet overall organizational objectives
• Strong critical thinking and decision-making skills; and highly organized and detail oriented