Manager - Information Security

1 Hour ago • 12-15 Years
Cyber Security

Job Description

The Manager – Information Security will develop, evaluate, and ensure alignment with cybersecurity controls and policies, maintaining compliance with standards, and embedding security into the organization’s products, services, and technology infrastructure. This role requires a subject matter expert capable of bridging the gap between security policy, risk, and technical implementation, with a solid understanding of the latest security frameworks and technologies, including Cloud and AI, to support risk-based decision-making.
Good To Have:
  • Certifications: CISSP, CISM, CISA, CRISC, or equivalent.
  • Experience with GRC platforms and risk assessment methodologies.
  • Familiarity with regulatory standards like GDPR, CCPA, and data protection laws.
  • Exposure to cloud platforms (Azure, AWS) and security tools (Defender, CrowdStrike, Tenable).
  • Knowledge of enterprise architecture frameworks and secure design principles.
Must Have:
  • Develop and maintain cybersecurity policies, standards, and procedures.
  • Convert security risks into policy requirements and guide implementation.
  • Conduct comprehensive risk assessments and control gap analyses.
  • Advise on risk mitigation strategies and track emerging threats.
  • Provide guidance on secure cloud, network architecture, and system hardening.
  • Lead security reviews of new technologies and system changes.
  • Ensure security integration in designs and implemented services.
  • Maintain documentation and evidence repositories for attestations.
  • Develop and implement cybersecurity awareness programs.
  • Bachelor’s/Master’s degree in Information Security or related field.
  • 12-15 years of experience in Information Security, risk management, network security, architecture.
  • Hands-on experience in system/network administration (Windows/Linux/Cloud).
  • Deep understanding of ISO 27001, NIST, PCI DSS, COBIT frameworks.
  • Proven experience drafting and implementing security policies and standards.
  • Strong knowledge of identity lifecycle management and access governance.
  • Experience with audit documentation and evidence management tools.
  • Excellent communication and stakeholder engagement skills.

Description

Job Summary

The Manager – Information Security will be instrumental in developing, evaluating, and ensuring alignment with cybersecurity controls and policies, maintaining compliance with standards, and embedding security into the organization’s products, services, and technology infrastructure. This position demands a subject matter expert capable of bridging the gap between security policy, risk, and technical implementation. A solid understanding of the latest security frameworks and technologies, including Cloud and AI, is essential to effectively inform and support risk-based decision-making.

Key Responsibilities

Cybersecurity Policy & Governance

  • Develop, review, and maintain cybersecurity policies, standards, and procedures consistent with NIST, Cloud Security Alliance, CIS, and other global security frameworks.
  • Convert identified security risks into policy requirements while ensuring alignment with business objectives.
  • Work with security, engineering, architecture, and operational teams to confirm that policies are technically feasible and provide guidance on implementing and enforcing controls.

Risk Management and Assessments

  • Function as a security specialist, providing advisory support or directly conducting comprehensive risk assessments and control gap analyses across services, products, infrastructure, and applications.
  • Offer recommendations and guidance on effective risk mitigation strategies that align with business objectives and maintain appropriate security standards.
  • Track emerging threats, evolving industry standards, best practices, and regulatory changes in order to proactively advise on necessary updates to policies, controls, or other measures required to strengthen and modernize our risk management posture.

Security Architecture

  • Provide guidance on secure cloud, network architecture, segmentation, and system hardening.
  • Work with engineering teams to monitor and maintain secure configurations and access controls.
  • Lead or advise on security reviews of new technologies and system changes.
  • Carry out Security Architecture Integration by conducting ongoing or targeted architecture reviews to confirm that security is incorporated, integrated, and verified in designs and implemented services.
  • Establish and uphold architectural security principles throughout the technology and services ecosystem.
  • Assess and integrate security tools and technologies to support the enterprise security posture.

Security Assurance and Attestations

  • Maintain documentation and evidence repositories to facilitate internal and external support.
  • Utilize platforms such as SharePoint and Jira to ensure optimal assessment preparedness.
  • Collaborate with control owners to monitor, address, and close findings efficiently.

Awareness & Communication

  • Develop and implement cybersecurity awareness programs designed for both technical and non-technical teams.
  • Prepare concise communications regarding policy changes, risk advisories, and incident notifications.
  • Deliver training sessions to stakeholders on security controls and risk management procedures.

Required Qualifications

  • Bachelor’s / Master’s degree in Information Security, Computer Science, or related field.
  • 12–15 years of experience in Information Security with a strong focus on risk management, network security, and security architecture.
  • Hands-on experience in system/network administration (Windows/Linux/Cloud).
  • Deep understanding of frameworks such as ISO 27001, NIST, PCI DSS, and COBIT.
  • Proven experience in drafting and implementing security policies and technical standards.
  • Strong knowledge of identity lifecycle management and access governance.
  • Experience with audit documentation and evidence management tools (e.g., SharePoint, Jira).
  • Excellent communication and stakeholder engagement skills.

Preferred Qualifications

  • Certifications: CISSP, CISM, CISA, CRISC, or equivalent.
  • Experience with GRC platforms and risk assessment methodologies.
  • Familiarity with regulatory standards such as GDPR, CCPA, and other data protection laws.
  • Exposure to cloud platforms (Azure, AWS) and security tools (e.g., Defender, CrowdStrike, Tenable).
  • Knowledge of enterprise architecture frameworks and secure design principles.

Set alerts for new jobs by Yodlee
Set alerts for new Cyber Security jobs in India
Set alerts for new jobs in India
Set alerts for Cyber Security (Remote) jobs