Sr Manager Information Security

Designation: Assistant Vice President Information Security

Location: Mumbai - Goregaon (WFO 5days week)

Grade: Sr Manager /Assistant Vice President

Salary - 25 LPA

Work Experience: 10 15 years of experience in IT & Information Security BFSI industry exposure with experience in handling regulators & audits

Qualification: MBA / /B.E/ in Cybersecurity or Information Security / ISO 27001 & ISO 22301 Lead Implementer or Lead Auditor certification.

Role Purpose
The Senior Manager Cyber & Information Security will serve as the primary technical leader under the CISO responsible
for hands-on design implementation and operation of enterprise cyber security controls.
This role ensures that the organizations cyber strategy regulatory requirements and risk management objectives are
translated into effective technical execution measurable security maturity and resilient operations.
The role demands deep technical expertise strong leadership and proven experience in regulated environments.

Key Responsibilities
Areas of Technical excellence for Cyber Security Management includes NG-SOC SIEM SOAR EDR/XDR NDR UEBA
Threat Intelligence platforms. Drive detection engineering use-case development and threat hunting. Lead incident
response digital forensics root cause analysis and remediation.
Areas of Technical excellence on DLP WAF Firewall IPS/IDS Proxy CASB.
Comprehensive knowledge on multiple technologies amongst Zero Trust /Private Access /DRM /Data Classification
Encryption / DNS Security / Server Security / Email Security / Deep Security/Multi Factor Authentication/
Antivirus/Patching/ PIM PAM / Endpoint Security/ CNAPP
Implementing new security solutions after conducting successful POCs Securing IT systems requires establishing and
enforcing policies defining and monitoring access
Strong understanding in Log analysis of network event web filter activity Antivirus Antimalware DLP Syslogs IPSThreat analysis and security system logs.
Strong understanding and direct experience on Cloud Security Network Security -Anomaly Detection Systems Firewalls
Routers Switches Confidential LDAP AD Servers etc.
Experience in Network. DNS VA tool and Program Management Process Design and Implementation.
Endpoint Security & Management: - O365 APT MDM Antivirus EDR Disk encryption Endpoint Patching.
Knowledge of Information Security Management System - ISO 27001 Business Continuity Management System - ISO
22301 IRDAI guidelines and NIST framework. Identifying gaps and then formulating action plans to close the gaps.
Work with business internal IT and third-party vendor teams to promote and adopt security best practices.
Validate IT infrastructure and other reference architectures for security best practices and recommend changes to
enhance security and reduce confidential risks where applicable.
Work with Security partners Managed Security Service Provider (MSSP) to conduct and review regular security
assessments (Pen tests Vulnerability scans etc.) of vendors and solutions (SaaS IaaS providers and MSSP)
Create communicate and implement a risk-based process for vendor risk management including the assessment and
treatment for risks that may result from partners consultants and other service providers.
Oversee information security audits whether performed by organization or third-party personnel.
Assist resource owners in understanding and responding to security audit failures reported by auditors.
Implement projects as per roadmaps.
Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
Day to day monitoring of IT Processes/IT Infrastructure from information security perspective. monitoring the
information security controls KRIs/KPIs and technical landscape.
Execute technical risk assessments around applications control testing on premise and for SaaS & Cloud environment etc.
Develop knowledge base re-usable components for GRC advisory services.
Responsible for development and enhancements of GRC services and delivery capabilities.
End to End knowledge on Security Incident Alerts & Management.
Prepare dashboards on incidents risks vulnerabilities and compliance.
Provide periodic reports to CISO.

Work Experience
10 15 years of experience in IT & Information Security
BFSI industry exposure with experience in handling regulators & audits