Information Security Manager

Broad Function:<\/u><\/b>
<\/span><\/div>

<\/span><\/div>
The Information Security Manager will be responsible for developing, implementing, and maintaining the organization\u2019s information security strategy, risk framework, policies, and controls. This role requires deep expertise in cyber operations, audit management, risk evaluation, and compliance with security standards such as ISO 27001, SOC 2, and NIST.This is not a coordination\-only role.<\/span><\/span>
The role demands hands\-on ownership to get things done end\-to\-end by working closely with Engineering, DevOps, IT, HR, Operations, and Management. The primary objective of this role is to deliver measurable security outcomes, including certifications, audit closures, hardened systems, and sustained compliance.<\/span><\/span>
<\/div>

<\/div>
Key Roles & Responsibilities (Not Limited To)<\/u><\/b>
<\/span><\/div>

<\/span><\/div>
1. Information Security Governance & Policy Management:<\/b><\/span>
<\/span><\/div>

<\/span><\/div>
Define, develop, implement, and continuously improve information security policies, standards, procedures, and guidelines. <\/span>
<\/span><\/span><\/li>
Own and maintain the Information Security Management System (ISMS) aligned with ISO 27001.<\/span>
<\/span><\/span><\/li>
Establish governance frameworks to ensure consistent security implementation across:<\/span>
<\/span><\/span><\/li>
Corporate IT<\/span>
<\/span><\/span><\/li>
Product engineering<\/span>
<\/span><\/span><\/li>
Cloud infrastructure<\/span>
<\/span><\/span><\/li>
Manufacturing/plant environments (IT/OT)<\/span>
<\/span><\/span><\/li>
Ensure alignment with ISO 27001, SOC 2, PCI DSS, GDPR, and client\-specific security requirements.<\/span>
<\/span><\/span><\/li>
Act as the primary point of contact for information security governance across business units.<\/span>
<\/span><\/span><\/li><\/ul>

<\/span><\/div>

<\/b><\/span><\/div>
2. Risk Management, Compliance & Audit Ownership:<\/b><\/span>
<\/span><\/div>

<\/span><\/div>
Conduct periodic enterprise risk assessments, threat modeling, and vulnerability assessments across IT, cloud, product, and plant systems. <\/span>
<\/span><\/span><\/li>
Maintain and continuously update:<\/span>
<\/span><\/span><\/li>
Risk registers<\/span>
<\/span><\/span><\/li>
Asset inventories<\/span>
<\/span><\/span><\/li>
Control matrices<\/span>
<\/span><\/span><\/li>
Compliance dashboards<\/span>
<\/span><\/span><\/li>
Lead and independently manage:<\/span>
<\/span><\/span><\/li>
ISO 27001 certification and surveillance audits<\/span>
<\/span><\/span><\/li>
SOC 2 Type I & II audits<\/span>
<\/span><\/span><\/li>
PCI DSS compliance assessments<\/span>
<\/span><\/span><\/li>
Client and partner security audits<\/span>
<\/span><\/span><\/li>
Coordinate audit schedules, evidence collection, documentation, and stakeholder interactions.<\/span>
<\/span><\/span><\/li>
Track, manage, and ensure timely closure of non\-conformities (NCs), observations, and CAPAs.<\/span>
<\/span><\/span><\/li>
Ensure continuous compliance with regulatory, contractual, and customer\-driven security obligations.<\/span>
<\/span><\/span><\/li><\/ul>

<\/span><\/div>

<\/span><\/div>
3. Security Operations, Monitoring & Tooling:<\/b><\/span>
<\/span><\/div>

<\/span><\/div>
Oversee day\-to\-day security operations including: <\/span>
<\/span><\/span><\/li>
SIEM monitoring<\/span>
<\/span><\/span><\/li>
Log management<\/span>
<\/span><\/span><\/li>
Threat detection and alerting<\/span>
<\/span><\/span><\/li>
Collaborate with IT and infrastructure teams to strengthen:<\/span>
<\/span><\/span><\/li>
Network security<\/span>
<\/span><\/span><\/li>
Endpoint security<\/span>
<\/span><\/span><\/li>
Identity and access management (IAM)<\/span>
<\/span><\/span><\/li>
Cloud security posture<\/span>
<\/span><\/span><\/li>
Evaluate, implement, and manage security tools such as:<\/span>
<\/span><\/span><\/li>
Firewalls, IDS/IPS<\/span>
<\/span><\/span><\/li>
EDR/antivirus solutions<\/span>
<\/span><\/span><\/li>
DLP solutions<\/span>
<\/span><\/span><\/li>
IAM, MFA, PAM<\/span>
<\/span><\/span><\/li>
Vulnerability management tools<\/span>
<\/span><\/span><\/li>
Define and monitor security KPIs and metrics for management reporting.<\/span>
<\/span><\/span><\/li><\/ul>

4. Incident Response, BCP & Disaster Recovery:<\/b>
<\/span><\/div>

<\/span><\/div>
Develop, maintain, and test Incident Response Plans (IRP). <\/span>
<\/span><\/span><\/li>
Lead investigation, containment, remediation, and root\-cause analysis of:<\/span>
<\/span><\/span><\/li>
Security incidents<\/span>
<\/span><\/span><\/li>
Data breaches<\/span>
<\/span><\/span><\/li>
Vulnerability exploitation.<\/span>
<\/span><\/span><\/li>
Coordinate incident response with internal teams, vendors, and external stakeholders when required.<\/span>
<\/span><\/span><\/li>
Own and enhance Business Continuity Plans (BCP) and Disaster Recovery (DR) frameworks.<\/span>
<\/span><\/span><\/li>
Conduct periodic BCP/DR drills, tabletop exercises, and cyber incident simulations.<\/span>
<\/span><\/span><\/li>
Ensure readiness for ransomware, data breach, and operational disruption scenarios.
<\/span><\/span><\/li><\/ul>

<\/div>

<\/b><\/span><\/span><\/div>
5. Product, Application & Secure SDLC:<\/b><\/span>
<\/span><\/div>

<\/span><\/div>
Work closely with product engineering and development teams to embed security\-by\-design principles. <\/span>
<\/span><\/span><\/li>
Define and enforce Secure SDLC practices, including:<\/span>
<\/span><\/span><\/li>
Secure coding standards<\/span>
<\/span><\/span><\/li>
Code reviews<\/span>
<\/span><\/span><\/li>
Vulnerability scanning<\/span>
<\/span><\/span><\/li>
Penetration testing coordination<\/span>
<\/span><\/span><\/li>
Oversee application security for internally developed and third\-party products.<\/span>
<\/span><\/span><\/li>
Manage vulnerability remediation lifecycle for product platforms.<\/span>
<\/span><\/span><\/li>
Support customer security questionnaires, product security documentation, and assurance artifacts.

<\/span><\/span><\/li><\/ul>
6. Cloud Security & Certifications:<\/b><\/span>
<\/span><\/div>

<\/span><\/div>
Lead security initiatives for cloud\-hosted products and platforms (AWS / Azure/etc) <\/span>
<\/span><\/span><\/li>
Drive cloud security compliance and certifications such as:<\/span>
<\/span><\/span><\/li>
ISO 27001 for cloud scope<\/span>
<\/span><\/span><\/li>
SOC 2 for SaaS platforms<\/span>
<\/span><\/span><\/li>
Cloud\-specific best practices (CIS Benchmarks)<\/span>
<\/span><\/span><\/li>
Implement and monitor:<\/span>
<\/span><\/span><\/li>
Cloud IAM and least\-privilege access<\/span>
<\/span><\/span><\/li>
Secure configuration baselines<\/span>
<\/span><\/span><\/li>
Cloud logging and monitoring<\/span>
<\/span><\/span><\/li>
Data protection and encryption controls<\/span>
<\/span><\/span><\/li>
Partner with DevOps teams to integrate security into CI/CD pipelines<\/span><\/span>
<\/li><\/ul>

<\/span><\/span><\/div>
7. Internal Systems, Access & Data Protection:<\/b><\/span>
<\/span><\/div>

<\/span><\/div>
Ensure secure configuration and access control for internal enterprise systems including: <\/span>
<\/span><\/span><\/li>
Zoho, JIRA<\/span>
<\/span><\/span><\/li>
Office 365 Suite<\/span>
<\/span><\/span><\/li>
Other SaaS and internal applications<\/span>
<\/span><\/span><\/li>
Conduct periodic:<\/span>
<\/span><\/span><\/li>
User access reviews<\/span>
<\/span><\/span><\/li>
Privileged access reviews<\/span>
<\/span><\/span><\/li>
Segregation of duties (SoD) checks<\/span>
<\/span><\/span><\/li>
Ensure strong data classification, handling, retention, and protection controls.<\/span>
<\/span><\/span><\/li>
Support privacy and data protection requirements related to customer and employee data<\/span>
<\/span><\/span><\/li><\/ul>

<\/span><\/div>

<\/span><\/div>
8. Plant / OT Security (Where Applicable):<\/b>
<\/span><\/div>
Collaborate with plant and operations teams to assess and improve OT / industrial system security. <\/span>
<\/span><\/span><\/li>
Ensure basic cybersecurity controls for plant networks, devices, and access.<\/span>
<\/span><\/span><\/li>
Conduct risk assessments for IT\u2013OT integration points.<\/span>
<\/span><\/span><\/li>
Align plant security controls with overall organizational security governance.<\/span>
<\/span><\/span><\/li><\/ul>

<\/span><\/div>

<\/span><\/div>
9. Training, Awareness & Security Culture<\/b>:
<\/span><\/div>

<\/span><\/div>
Design and conduct periodic information security awareness programs for employees. <\/span>
<\/span><\/span><\/li>
Develop training materials covering:<\/span>
<\/span><\/span><\/li>
Phishing and social engineering prevention<\/span>
<\/span><\/span><\/li>
Password and access hygiene<\/span>
<\/span><\/span><\/li>
Data protection and privacy<\/span>
<\/span><\/span><\/li>
Secure development practices<\/span>
<\/span><\/span><\/li>
Run simulated phishing exercises and track improvement metrics.<\/span>
<\/span><\/span><\/li>
Foster a strong, organization\-wide security\-first culture

<\/span><\/span><\/li><\/ul>

<\/span><\/div>
10. Strategy, Roadmap & Continuous Improvement:<\/b><\/span>
<\/span><\/div>

<\/span><\/div>
Define and own the information security roadmap aligned with business and product strategy. <\/span>
<\/span><\/span><\/li>
Track emerging cyber threats, vulnerabilities, regulatory updates, and industry trends.<\/span>
<\/span><\/span><\/li>
Recommend and implement continuous improvements to security posture.<\/span>
<\/span><\/span><\/li>
Lead evaluation and rollout of new security tools, technologies, and frameworks.<\/span>
<\/span><\/span><\/li>
Provide regular security posture updates to senior management.<\/span>
<\/span><\/span><\/li><\/ul>

<\/div>

<\/div>

<\/div>

<\/div><\/span>
Requirements<\/h3>
Desired Qualifications & Experience:<\/u><\/b>
<\/span><\/div>

<\/span><\/div>
Education:<\/b>
<\/span><\/div>
Bachelor\u2019s degree in Computer Science, Information Security, Engineering, or a related discipline.
<\/span><\/span><\/li>
Master\u2019s degree preferred
<\/span><\/span><\/li><\/ul>

<\/div>
Experience:<\/b>
<\/span><\/div>
6\u201310 years of hands\-on experience in:<\/span>
<\/span><\/span><\/li>
Information security<\/span>
<\/span><\/span><\/li>
Cybersecurity operations<\/span>
<\/span><\/span><\/li>
Risk, compliance, and audit management<\/span>
<\/span><\/span><\/li>
Strong experience working in product/SaaS organizations.<\/span>
<\/span><\/span><\/li>
Experience handling client data and customer\-driven security requirements.<\/span>
<\/span><\/span><\/li>
Prior exposure to manufacturing/plant or OT environments is a plus
<\/span>
<\/span><\/li><\/ul>
Certifications (Preferred):<\/b>
<\/span><\/div>
CISSP / CISM
<\/span><\/span><\/li>
ISO 27001 Lead Implementer or Lead Auditor
<\/span><\/span><\/li>
Cloud security certifications (AWS Security Specialty, Azure Security Engineer, etc.) \u2013 good to have
<\/span><\/span><\/li>
CEH (Certified Ethical Hacker)/ CompTIA Security+ ( good to have)
<\/span><\/span><\/li><\/ul>

<\/span><\/div>

<\/span><\/div>
Technical & Functional Expertise:<\/b>
<\/span><\/div>
Information security governance and ISMS
<\/span><\/span><\/li>
ISO 27001, SOC 2, PCI DSS frameworks
<\/span><\/span><\/li>
Risk assessment and mitigation
<\/span><\/span><\/li>
Security audits and compliance operations
<\/span><\/span><\/li>
Application, network, endpoint, and cloud security
<\/span><\/span><\/li>
Incident response and BCP/DR
<\/span><\/span><\/li>
Secure SDLC and product security
<\/span><\/span><\/li><\/ul>

<\/b><\/span><\/div>
Soft Skills:<\/b>
<\/span><\/div>
Strong communication and documentation skills
<\/span><\/span><\/li>
Ability to work cross\-functionally with IT, product, engineering, and business teams
<\/span><\/span><\/li>
Proven ability to manage audits independently and external stakeholders
<\/span><\/span><\/li>
Strong analytical, problem\-solving, and decision\-making skills

<\/span><\/span><\/li><\/ul>

<\/span><\/div>

<\/div><\/span>
Benefits<\/h3>
The company offers a range of employee benefits including:<\/u><\/b>
<\/span><\/div>

<\/span><\/div>
Cashless medical insurance for employees, spouses, and children<\/span>
<\/span><\/span><\/li>
Accidental insurance coverage<\/span>
<\/span><\/span><\/li>
Life insurance coverage<\/span>
<\/span><\/span><\/li>
Retirement benefits including Provident Fund (PF) and Gratuity<\/span>
<\/span><\/span><\/li>
ESI*<\/span>
<\/span><\/span><\/li>
Complementary meal coupons<\/span>
<\/span><\/span><\/li>
Company\-paid transportation<\/span>
<\/span><\/span><\/li>
Sodexo benefits for income tax savings<\/span>
<\/span><\/span><\/li>
Paternity & Maternity Leave Benefit<\/span>
<\/span><\/span><\/li>
National Pension Saving<\/span>
<\/span><\/span><\/li>
EL encashment<\/span>
<\/span><\/span><\/li>
Sick Leave
<\/span>

<\/span><\/li><\/ul><\/span>