Information Security Manager

Job Title: Cybersecurity Manager

Location: Bengaluru / Hybrid
Department: Information Security

Role Overview

We are seeking an experienced Cybersecurity Manager to lead and mature enterprise security programs across governance, cyber risk management, compliance, cloud security, AI security governance, and certification initiatives.

This role will be responsible for cyber risk management, IT audits, vulnerability governance, certification ownership, and enterprise security programs across key standards including SOC 2 Type II, ISO 27001, PCI-DSS, and HIPAA.

The role will also lead AI risk management and Responsible AI initiatives to ensure secure adoption of emerging technologies.

Key Responsibilities

1. Security Strategy & Governance

• Define and execute enterprise cybersecurity strategy aligned to business objectives and regulatory requirements
• Establish security policies, standards, and governance frameworks
• Drive adoption of security frameworks including NIST CSF, ISO 27001, and CIS Controls
• Govern security operations from risk and governance perspective
• Review security incidents, operational risks, trends, and management reporting
• Support incident readiness and post-incident governance activities

1. Cyber Risk Management

• Lead enterprise cyber risk management programs including risk identification, assessment, treatment, and reporting
• Maintain risk registers and executive reporting
• Integrate cyber risks across cloud, applications, AI systems, infrastructure, and third parties

1. IT Audits & Compliance Ownership

Own enterprise certification and audit programs including:

• SOC 2 Type II
• ISO 27001 / ISO 27701
• PCI-DSS
• HIPAA

Responsibilities include: Responsibilities include IT audits, certification readiness, evidence management, remediation tracking, and client assurance support.

1. Vulnerability Governance

• Govern enterprise vulnerability management programs
• Oversee VAPT activities and remediation tracking
• Drive risk-based prioritization and exposure reduction initiatives

1. AI Risk Management & Responsible AI

• Define AI security and AI risk management frameworks
• Identify risks related to AI systems including data leakage, model manipulation, privacy, and bias risks
• Drive Responsible AI governance and policy implementation
• Support secure AI lifecycle initiatives

1. Security Architecture & Engineering Governance

• Collaborate with IT and engineering teams on secure architecture initiatives
• Promote Zero Trust, identity-first security, and secure SDLC practices

1. Vendor Risk Management & Security Awareness

• Conduct vendor risk assessments and third-party reviews
• Support supplier security governance and contractual security requirements
• Lead enterprise awareness programs and phishing initiatives
• Promote organization-wide security culture initiatives

Required Qualifications

• Bachelor’s degree in Cybersecurity / IT / Engineering or related fields
• 8–12+ years cybersecurity experience
• 3–5 years in leadership roles
• Experience in cyber risk, audits, certifications, cloud security, and governance programs
• Experience supporting client assurance and regulatory initiatives

Preferred Certifications

CISSP | CISM | CISA | CRISC | CCSP | ISO 27001 Lead Implementer / Lead Auditor | SC-100 | AZ-500

Key Skills

• Cyber Risk Management
• IT Audit & Compliance (SOC2, ISO, PCI-DSS, HIPAA)
• Vulnerability Governance & VAPT
• Cloud Security Governance
• AI Risk Management & Responsible AI
• Security Governance
• Vendor Risk Management
• Leadership & Stakeholder Management