Senior Information Security & Control Manager

Job Location: Pune - India

Monthly Salary: Not Disclosed
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

Position: Senior Information Security & Control Manager

Experience: 8-12 Years

Work Location: Pune

Work Model: 5 days WFO

Key Skills: Cybersecurity, IT risk management, compliance, information security governance, SOC operations & SIEM tools.

Job Description:

We are seeking a seasoned and strategic Senior Manager, Information Security & Control, to lead and strengthen our cybersecurity, IT risk, and compliance. In this leadership role, you will oversee the development and execution of security governance, risk management, internal control frameworks, and compliance programs across a portfolio of client environments.

As a key advisor to executive stakeholders, you will be responsible for delivering secure, compliant, and resilient information systems by driving the alignment of cybersecurity practices with business goals, regulatory mandates, and industry standards.

Key Responsibilities:

1. Enterprise IT Risk Assessment & Control Framework Oversight

  • Lead the identification, evaluation, and mitigation of IT and cybersecurity risks across infrastructure, applications, and data assets.
  • Define and manage control frameworks to address key risk areas, especially in cloud, hybrid, and multi-tenant environments.
  • Conduct executive-level risk assessments and deliver control strategies to reduce vulnerabilities and ensure operational integrity.
  • Oversee business impact analyses, risk appetite assessments, and the integration of risk controls into broader IT governance.

2. Security Operations & Incident Oversight

  • Provide strategic direction and oversight to Security Operations Center (SOC) activities and security monitoring initiatives.
  • Lead high-severity incident management efforts, ensuring timely escalation, communication, and root cause analysis.
  • Evaluate detection and response capabilities and implement enhancements for real-time threat intelligence and response workflows.
  • Define SOC performance metrics and ensure adherence to service-level agreements and best practices.

3. Compliance Management & Regulatory Alignment

  • Lead enterprise compliance efforts with international and local regulations (e.g. GDPR, Law 25, PIPEDA, ISO 27001, PCI-DSS).
  • Develop and maintain governance models, internal controls, and audit mechanisms to ensure regulatory readiness.
  • Manage client-facing and internal audit engagements, ensuring timely resolution of compliance gaps and issues.
  • Act as a strategic liaison between technical teams, compliance officers, and legal counsel.

4. Data Privacy & Protection Governance

  • Oversee the design and implementation of robust data protection programs, including encryption, anonymization, and access controls.
  • Ensure organizational adherence to privacy laws through formal policies, data protection impact assessments (DPIAs), and secure data lifecycle management.
  • Collaborate with Data Protection Officers (DPOs) and client stakeholders to operationalize privacy-by-design principles.

5. Crisis Management & Business Continuity Leadership

  • Lead enterprise crisis response planning and business continuity initiatives, including scenario testing and tabletop exercises.
  • Provide senior guidance during major cybersecurity incidents or breaches, ensuring minimal business disruption and timely recovery.
  • Evaluate and enhance continuity plans to account for evolving threats and operational dependencies.

6. Security Awareness Training & Stakeholder Engagement

  • Develop organization-wide training programs to promote security best practices and compliance awareness.
  • Deliver executive workshops and functional team training on cybersecurity risks, policy compliance, and secure operations.
  • Foster a culture of accountability and security ownership across business units and client organizations.

7. Strategic Threat Intelligence & Regulatory Monitoring

  • Monitor emerging cybersecurity threats, evolving attack vectors, and global regulatory developments.
  • Translate external intelligence into actionable internal strategies, technology investments, and control adjustments.
  • Provide forward-looking guidance to leadership and clients to stay ahead of regulatory and technological shifts.

8. Reporting Governance and Executive Communication

  • Oversee the creation of risk dashboards, compliance status reports, and security performance metrics for executive audiences.
  • Present complex security and compliance concepts to senior stakeholders in a clear and actionable manner.
  • Support board-level reporting and contribute to security strategy development in alignment with corporate objectives.

Required Qualifications:

  • Bachelor’s or Master’s degree in Computer Science, Information Security, Risk Management, or related discipline.
  • 8-14 years of experience in cybersecurity, IT risk management, compliance, or information security governance, with 3 years in a managerial role.
  • Deep expertise in regulatory standards and control frameworks such as ISO 27001, NIST, COBIT, PCI-DSS, GDPR, Law 25, and PIPEDA.
  • Strong knowledge of SOC operations, SIEM tools, threat detection, and incident response strategies.
  • Proven ability to manage and influence stakeholders at all levels, including C-suite and board members.
  • Excellent written and verbal communication skills in French and English.
  • Preferred certifications: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or equivalent.

Key Skills

  • International Development
  • EMC
  • JavaScript
  • Import & Export
  • Airlines
  • Asp.Net MVC