Information Security Manager

Job Summary

Reporting directly to the Chief Information Officer (CIO), the Information Security Manager leads the operational execution of the organization’s information security program. This role involves managing security functions, implementing strategy, overseeing technologies, and leading Governance, Risk Management, and Compliance (GRC) activities with a strong focus on cloud/SaaS environments. It demands close collaboration with IT, Development, Sales, Legal, Compliance, and other core business functions.

The role requires the ability to represent the company’s security posture effectively to external and internal clients and auditors. This individual serves as the primary operational leader for security, advising the CIO, driving initiatives, and acting as a key security liaison internally and externally.

• Lead and manage core security functions (Sec Ops, Vulnerability Management, Incident Response).
• Drive key security programs (Security Awareness, DLP, IAM).
• Oversee administration and optimization of security tools (SIEM, EDR, DLP, etc.).

• Establish, manage, and mature the information security GRC framework, including risk assessment methodologies, control implementation, and policy lifecycle management.
• Manage the information security risk register, conduct regular risk assessments (incl. SaaS/cloud), propose mitigations, and track remediation.
• Ensure compliance with relevant laws, regulations (e.g., CERT-In directives, DPDP Act), standards (ISO 27001, SOC 2, etc.), and contractual obligations.
• Lead security audit preparation (internal/external) and manage responses/remediation efforts.
• Develop, implement, socialize, and enforce information security policies and standards.

• Develop, implement, and manage security controls, configurations, and processes for SaaS applications.
• Conduct security and risk assessments for new and existing SaaS solutions.
• Provide security guidance for the adoption and secure configuration of SaaS applications.

• Cross‑Functional Partnership:
  Foster strong working relationships across departments, including IT, Development, Sales, Legal, Compliance, and other core business functions.
• Development
  
  Collaboration:
  
  Work closely with development teams on Secure SDLC practices (secure coding, threat modeling, App Sec testing).
• Sales Partnership:
  Provide security expertise to Sales during the sales cycle.
• Client‑Facing Security:
  Represent the company’s security posture externally, responding to client questionnaires (RFIs/RFPs) and participating in security discussions.

• Support the CIO in developing and refining the security strategy.
• Translate strategy into actionable plans and lead execution, particularly around GRC and operations.
• Act as the primary security advisor to the CIO on operational security, GRC status, risk posture, and cloud/SaaS security.
• Prepare security reports, metrics (including GRC metrics), and briefings for the CIO.

• Lead security incident response coordination.
• Provide technical leadership on security architecture and secure configurations.
• Manage security vendor relationships and provide input on the security budget.
• Lead and mentor any direct or indirect security team members.

• 8-10+ years of progressive experience in Information Security across multiple domains.
• Strong understanding and practical experience with Governance, Risk Management, and Compliance (GRC) principles and frameworks (e.g., implementing controls based on NIST/ISO, managing risk registers, policy lifecycle management, supporting audits such as SOC 2 or ISO 27001).
• Demonstrated experience in securing SaaS applications (controls, configuration, risk assessment) and understanding of identity federation.
• Proven ability to collaborate effectively with technical and business/support functions (Sales, Legal, Compliance). Experience with Dev Sec Ops  principles desirable.
• Excellent client‑facing communication, presentation, and interpersonal skills; ability to…