Security Manager

Job Description

The Security & Compliance Manager will lead the organization’s IT security and compliance initiatives, acting as the Single Point of Contact (SPOC) for all third-party audits, especially from BFSI clients. This role ensures adherence to regulatory, data protection, and industry standards. Key Responsibilities Act as the Single Point of Contact (SPOC) for all BFSI customer audits, third-party assessments, and compliance reviews.Maintain and enforce security policies, risk registers, audit trails, and compliance documentation.Ensure ongoing compliance with ISO 27001, SOC 2, RBI, GDPR, TRAI, and other applicable BFSI regulations.Conduct internal audits, gap analyses, and drive remediation plans to closure.Coordinate with legal, IT, DevOps, and business teams to ensure audit readiness and evidence collection.Lead incident response planning, security drills, and business continuity testing.Manage vendor risk assessments, NDAs, and third-party compliance documentation.Perform regular risk assessments and maintain an up-to-date risk register.Conduct vulnerability scans across infrastructure, APIs, applications, and endpoints.Coordinate with external vendors for annual penetration testing and ensure timely remediation.Track, prioritize, and patch vulnerabilities based on CVSS scores and business impact.Develop and maintain a compliance calendar to track all audit and certification timelines.Own and manage the Information Security Management System (ISMS) lifecycle.Prepare and present audit reports, dashboards, and risk summaries to senior leadership.Ensure data privacy and protection controls are implemented across all CPaaS services.Conduct security awareness training and phishing simulations for employees.Review and approve security controls for new projects, vendors, and cloud deployments.Maintain incident logs, RCA reports, and ensure timely closure of security incidents.Collaborate with product and engineering teams to embed security-by-design principles.Stay updated with regulatory changes in the BFSI sector and translate them into actionable controls.Lead external certification audits (e.g., ISO, SOC 2) and manage evidence collection and walkthroughs. Required Skills And Qualifications Bachelor’s degree in information security, IT, or related field.6+ years of experience in IT security, audit, and compliance.Strong knowledge of BFSI regulatory frameworks and data privacy laws.Experience with GRC tools, audit frameworks, and documentation.Certifications: CISA, CISM, ISO 27001 Lead Auditor, or equivalent preferred.Excellent communication and stakeholder management skills.