Manager - IT Security

JOB SUMMARY

1. Information Security Strategy & Governance

• Develop and maintain a comprehensive IT & OT security strategy aligned with organizational objectives.
• Define, review, and update information security policies, standards, procedures, and SOPs.
• Benchmark security controls with industry standards and regulatory requirements.

1. Security Control Deployment & Technology Integration

• Implement and oversee IT & OT security controls across infrastructure, applications, and cloud environments.
• Ensure that new technologies and projects incorporate security-by-design principles.
• Prioritize security initiatives based on risk impact and business requirements.

1. Security Operations & SOC Management

• Manage day-to-day security operations including monitoring, incident detection, and response.
• Operate and improve SOC capabilities (threat intelligence, SIEM, log monitoring, and vulnerability management).
• Coordinate vulnerability scans, configuration reviews, and patch management cycles.

1. Compliance, Audit & Regulatory Adherence

• Ensure compliance with applicable laws, regulations, and standards (e.g., ISO 27001, NIST, IT Act, CEA Guidelines).
• Coordinate with internal/external auditors and manage closure of audit findings.
• Ensure accurate and timely regulatory reporting to government agencies.

1. Risk Assessment & Vendor Management

• Conduct security risk assessments across IT and OT systems to identify and mitigate threats.
• Perform partner/vendor risk assessments prior to onboarding and periodically thereafter.
• Recommend controls and countermeasures aligned with industry best practices.

1. End-User Security & Awareness

• Define and enforce policies for end-user computing, mobile devices, and digital workplace security.
• Conduct security awareness campaigns and training for employees and stakeholders.
• Foster a security-first culture across the organization.

1. Incident Response & Business Continuity Support

• Establish and manage the incident response framework including escalation paths, communication plans, and SOPs.
• Lead post-incident analysis to identify root causes and corrective actions.
• Collaborate with IT and business continuity teams to ensure resilience and recovery.

1. Operational Technology (OT) Security

• Implement and manage security controls for critical OT infrastructure including SCADA/ICS systems.
• Deploy a layered defence strategy using both technical and process-based safeguards.
• Ensure OT systems comply with both IT security and CEA Guidelines.

Key Competencies (Technical & Behavioral):