Senior Manager - Enterprise Risk Management & Information Security - Pharma/Healthcare

Job Title : Senior Manager - Risk Management and Information Security
Location : Bangalore onlyDepartment : Risk Management - RACReports To : ERM headExperience Required: 15-20 years in Risk Management, Information Security, and Compliance rolesJob Summary :We are seeking an experienced and proactive Senior Manager - Risk Mgmt and Information Security to lead and manage our global risk, compliance, incident response, and information security programs. This role will be instrumental in overseeing end-to-end security and risk functions, maintaining global compliance standards, and ensuring business continuity in a rapidly evolving threat landscape.Key Responsibilities:Incident & Risk Management:- Manage org wide Enterprise Risk Register and keep updating and maintaining based on emerging risks- Lead Incident Management including end-to-end ownership and resolution- Manage and respond to issues related to Risks from Customers- Own RCA-CAPA processes for all deviations, including customer-facing issues- Conduct biannual Incident Simulations and ensure retraining and compliance for defaulters- Manage and address all employee risks including those related to Physical security risksCompliance & Audits:- Maintain ISMS ISO 27001, PIMS ISO 27701, SOC 2 Type 2 readiness, audit support, and NC tracking/closure- Represent Infosec in Customer Audits, SOC 2 Type 2, and other ISO assessments- Manage TPRM (Third Party Risk Management) support activities and compliance tracking- Ensure timely completion of Cybervadis assessments and support Data Classification and other Privacy initiativesPolicy & Access Management:- Own annual SOP management and policy refresh cycles for InfoSec- Administer Exception Access Management for critical controls (USB, Gmail, Admin Access etc.,)- Oversee Admin Access Management and enforce MDM/DLP policies- Oversee IP inventory and ensure there are no IP violations. Security Monitoring & Tools:- Monitor threat landscape including Dark Web Monitoring- Lead Cybersecurity Attack Simulations, including SOP creation, documentation, and testing- Maintain and optimize Forcepoint DLP policies and support MDM reviewsTraining & Awareness:- Lead Infosec Training Programs and ensure 98% compliance at any point- Refresh training materials for AUP, COE, ISMS annually- Conduct regular compliance follow-ups and retraining for defaultersMetrics & Reporting:- Define, publish, and manage IT Security Metrics dashboards- Maintain and update the Enterprise Risk TrackerStakeholder & Cross-Functional Collaboration:- Respond to and manage RFI/P (Request for Information/Proposal) documents for Infosec- Provide Infosec support for various IT initiatives and new implementations- Coordinate with internal and external stakeholders for audits, assessments, and security operationsQualifications & Skills:- Bachelor's/Master's degree in Computer Science, or related field- Industry certifications such as CISSP, CISM, CISA, ISO 27001 LA, or equivalent- In-depth knowledge of ISMS, SOC 2, Privacy laws (including GDPR/DPDPA), and security best practices- Experience in tools like Forcepoint and creating risk dashboards with heat-maps- Strong stakeholder management, communication, and team leadership skills- Ability to work independently and manage global teams and vendorsPreferred Experience:- Experience in Pharma, Healthcare, or Regulated Industries- Prior experience dealing with Customer Audits - Knowledge of emerging threats and technologies such as AI/ML in InfoSec